From owner-ietf-openproxy Fri Jul 21 15:38:15 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id PAA21677 for ietf-openproxy-bks; Fri, 21 Jul 2000 15:38:15 -0700 (PDT) Received: from prv-mail20.provo.novell.com (prv-mail20.provo.novell.com [137.65.81.122]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id PAA21673 for ; Fri, 21 Jul 2000 15:38:14 -0700 (PDT) Received: from INET-PRV-Message_Server by prv-mail20.provo.novell.com with Novell_GroupWise; Fri, 21 Jul 2000 16:40:15 -0600 Message-Id: X-Mailer: Novell GroupWise Internet Agent 5.5.3.1 Date: Fri, 21 Jul 2000 16:40:08 -0600 From: "Hilarie Orman" To: Subject: Welcome to the openproxy mailing list Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="=_A7FFEB5F.D3B2D891" Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: This is a MIME message. If you are reading this text, you may want to consider changing to a mail reader or gateway that understands how to properly handle MIME multipart messages. --=_A7FFEB5F.D3B2D891 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable This discussion group is the evolution of the "cache" group that led to the Internet draft on Extensible Proxy Services Framework in July, 2000. Contributors from Novell, Sun, and Digisle developed the draft for public discussion. This is the place public commentary on the draft, the issues, the platform, the services, the language, etc. At this time the names being considered for the DNS domain devoted to the topic are extproxy.org, opencache.org, and epsfw.org. Watch here for announcement of the permanent home of the website, which is temporarily at http://www.cs.utah.edu/~horman/openproxy.html. Hilarie Orman Novell --=_A7FFEB5F.D3B2D891 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable

This discussion group is the evolution of the "cache" group

that led to the Internet draft on Extensible Proxy Services

Framework in July, 2000. Contributors from Novell, Sun,=20 and

Digisle developed the draft for public discussion.

This is the place public commentary on the draft, the issues,

the platform, the services, the language, etc.

At this time the names being considered for the DNS domain

devoted to the topic are extproxy.org, opencache.org, and

epsfw.org. Watch here for announcement of the permanent

home of the website, which is temporarily at

http://www.cs.utah.e= du/~horman/openproxy.html.

Hilarie Orman

Novell

--=_A7FFEB5F.D3B2D891-- From owner-ietf-openproxy Fri Jul 21 15:47:01 2000 Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id PAA21845 for ietf-openproxy-bks; Fri, 21 Jul 2000 15:47:01 -0700 (PDT) Received: from prv-mail20.provo.novell.com (prv-mail20.provo.novell.com [137.65.81.122]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id PAA21841 for ; Fri, 21 Jul 2000 15:46:59 -0700 (PDT) Received: from INET-PRV-Message_Server by prv-mail20.provo.novell.com with Novell_GroupWise; Fri, 21 Jul 2000 16:49:04 -0600 Message-Id: X-Mailer: Novell GroupWise Internet Agent 5.5.3.1 Date: Fri, 21 Jul 2000 16:48:55 -0600 From: "Hilarie Orman" To: Subject: Workshop announcement Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="=_8AD2C670.DDBCD69E" Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: This is a MIME message. If you are reading this text, you may want to consider changing to a mail reader or gateway that understands how to properly handle MIME multipart messages. --=_8AD2C670.DDBCD69E Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable CFP: Open Proxy Workshop, September 13, 2000 Call for Participation: Workshop on Sophisticated Content Services for the Network: Extensible Proxies September 13, 2000 San Jose Convention Center San Jose, California This workshop will help to define a new platform for the Internet, one = that is essential for engineering the delivery of sophisticated content forms and is also = essential for bringing a new level of sophistication to content delivery. We are seeking participant= s who can bring to bear architectural innovations, new services ideas, and to either inspire = or be inspired by a new direction in the evolution of the Internet.=20 In today's Internet, the infrastructure creating the "the net" is pointing = towards a new network service model. The Web is becoming clients or user agents that consume = information, content servers that provide the basic information and units of Web = infrastructure which are the Proxies (or Proxy-Cache). These critical infrastructure devices = provide the opportunity for enhanced services that expand the value of content on the Internet. = Examples of such services are:=20 content adjustment - adjusting and/or assembling the content = ultimately being delivered to the user. Today we see this in content assembly for = advertising.=20 presentation adjustment - modifying the content presentation to be = more suitable for the client. Today we have WAP and other gateways to adjust content.=20= semantic management - evaluate content against classification = criteria such as virus detection, topic, legality, etc.=20 Extending the notion of content services leads us to operations such = as:=20 Data dependent cache functioning - cache management strategy is a = function of the nature of the cached data. Content providers are already acting on = the requirements for caching streaming multimedia data.=20 Web accounting - tracking Web usage independently of the content = server or user client.=20 Multiple network sharing - objects obtained from a data network can, = for example, feed a broadcast system.=20 A recent Internet-Draft (EPSFW, http://www.ietf.org/internet-drafts/draft-t= omlinson-epsfw-00.txt) proposed an architectural framework for standardizing the components and = APIs that can be used to build these services. This is the Extensible Proxy Services = Framework.=20 We are holding a working to present and discuss concepts needed for = standardizing=20 components in the Proxy system.=20 Suggested areas for papers or panels are=20 High-performance architecture requirements and engineering criteria=20 Innovative services on proxy platforms (e.g. messaging, geographic = positioning, etc.)=20 Languages for extensible services=20 Dynamic service extensions: delivery, loading, etc.=20 New communication protocols=20 Other new platform architectures for Internet infrastructure=20 Papers and panels must be submitted by August 31, 2000. Please send a = title and abstract for papers to Michael Condry (condry@eng.sun.com); panel proposals should = include title, abstract, and names of committed panelists and should be = sent to Hilarie Orman (horman@novell.com). Responses will be sent by = September 3, 2000.=20 Registration information will be available at the Extensible Proxy = website, http://www.cs.utah.edu/~horman/opencache.html. --=_8AD2C670.DDBCD69E Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable

CFP: Open Proxy Workshop, September 13, 2000

           &nbs= p;         =20 Call for Participation: Workshop=20 on
           &nb= sp;    =20 Sophisticated Content Services for the=20 Network:
          &nb= sp;            =     =20 Extensible=20 Proxies
          &nbs= p;            &= nbsp;  =20 September 13,=20 2000
           &= nbsp;           =20 San Jose Convention=20 Center
           = ;            &n= bsp;   =20 San Jose, California

This workshop will help to define a new platform for the Internet, = one that=20 is essential for
engineering the delivery of sophisticated content = forms and=20 is also essential for bringing a
new level of sophistication to = content=20 delivery. We are seeking participants who can bring to
bear architectura= l=20 innovations, new services ideas, and to either inspire or be inspired = by=20 a
new direction in the evolution of the Internet.

In today's Internet, the infrastructure creating the "the net" is = pointing=20 towards a new network
service model. The Web is becoming clients or = user=20 agents that consume information,
content servers that provide the = basic=20 information and units of Web infrastructure which are
the Proxies = (or=20 Proxy-Cache). These critical infrastructure devices provide the=20 opportunity
for enhanced services that expand the value of content on = the=20 Internet. Examples of such
services are:

     content adjustment - adjusting and/or = assembling=20 the content ultimately being
     delivered to the = user.=20 Today we see this in content assembly for advertising.=20
     presentation adjustment - modifying the = content=20 presentation to be more suitable for
     the = client.=20 Today we have WAP and other gateways to adjust content.=20
     semantic management - evaluate content = against=20 classification criteria such as virus
     = detection,=20 topic, legality, etc.

Extending the notion of content services leads us to operations such = as:=20

     Data dependent cache functioning - cache=20 management strategy is a function of the
     = nature of=20 the cached data. Content providers are already acting on the=20 requirements
     for caching streaming multimedia = data.=20
     Web accounting - tracking Web usage independen= tly=20 of the content server or user
     client.=20
     Multiple network sharing - objects obtained = from a=20 data network can, for example,
     feed a = broadcast=20 system.

A recent Internet-Draft (EPSFW, h= ttp://www.ietf.org/internet-drafts/draft-tomlinson-epsfw-00.txt)

proposed an architectural framework for standardizing the components = and=20 APIs that can be

used to build these services. This is the Extensible Proxy Services=20= Framework.

We are holding a working to present and discuss concepts needed = for=20 standardizing

components in the Proxy system.

Suggested areas for papers or panels are

High-performance architecture requirements and engineering criteria=20=
Innovative services on proxy platforms (e.g. messaging, geographic=20 positioning, etc.)
Languages for extensible services
Dynamic = service=20 extensions: delivery, loading, etc.
New communication protocols =
Other=20 new platform architectures for Internet infrastructure

Papers and panels must be submitted by August 31, 2000. Please send a = title=20 and abstract
for papers to Michael Condry (condry@eng.sun.com); panel = proposals should=20 include title, abstract, and names of committed panelists and should be = sent to=20 Hilarie Orman (horman@novell.com).= =20 Responses will be sent by September 3, 2000.

Registration information will be available at the Extensible Proxy=20 website,

http://www.cs.utah.e= du/~horman/opencache.html.

--=_8AD2C670.DDBCD69E-- From owner-ietf-openproxy Fri Jul 21 17:14:09 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id RAA23192 for ietf-openproxy-bks; Fri, 21 Jul 2000 17:14:09 -0700 (PDT) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id RAA23188 for ; Fri, 21 Jul 2000 17:14:08 -0700 (PDT) Received: from sunmail1.Sun.COM ([129.145.1.2]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id RAA07921 for ; Fri, 21 Jul 2000 17:16:51 -0700 (PDT) Received: from jurassic.eng.sun.com (jurassic.Eng.Sun.COM [129.146.85.31]) by sunmail1.Sun.COM (8.9.1b+Sun/8.9.1/ENSMAIL,v1.6.1-sunmail1) with ESMTP id RAA07646 for ; Fri, 21 Jul 2000 17:16:51 -0700 (PDT) Received: from condry.org (remote02.PRC.Sun.COM [129.158.166.202]) by jurassic.eng.sun.com (8.10.2+Sun/8.10.2) with ESMTP id e6M0GmI568408 for ; Fri, 21 Jul 2000 17:16:48 -0700 (PDT) Message-ID: <3978E6CB.81EADAD4@condry.org> Date: Fri, 21 Jul 2000 17:11:55 -0700 From: "Michael W> Condry" X-Mailer: Mozilla 4.73 [en] (Win98; U) X-Accept-Language: en,pdf,zh,zh-CN,zh-TW MIME-Version: 1.0 To: ietf-openproxy@imc.org Subject: Re: Welcome to ietf-openproxy References: <200007211239.FAA26289@ns.secondary.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Great thanks to Hilarie for getting this together! Majordomo@imc.org wrote: > -- > > Welcome to the ietf-openproxy mailing list! > > Please save this message for future reference. Thank you. > > If you ever want to remove yourself from this mailing list, > you can send mail to with the following > command in the body of your email message: > > unsubscribe ietf-openproxy "Michael W> Condry" > > Here's the general information for the list you've subscribed to, > in case you don't already have it: > > The ietf-openproxy mailing list is for discussion of the issues delineated > in http://www.ietf.org/internet-drafts/draft-tomlinson-epsfw-00.txt. That > document introduces the problem and solution requirements for a > standardized, open and extensible service environment on caching proxies > which enables them to provide general services that mediate, modify, and > monitor object requests and responses. > > To see what has gone on before you subscribed, please see the mailing > list archive at > http://www.imc.org/ietf-openproxy/ > > To unsubscribe from the ietf-openproxy mailing list, send a message to: > ietf-openproxy-request@imc.org > with the message: > unsubscribe > > If you need to contact a human about this mailing list, please > send a message to: > phoffman@imc.org From owner-ietf-openproxy Wed Jul 26 06:53:20 2000 Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id GAA04325 for ietf-openproxy-bks; Wed, 26 Jul 2000 06:53:20 -0700 (PDT) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id GAA04319 for ; Wed, 26 Jul 2000 06:53:18 -0700 (PDT) Received: from sunmail1.Sun.COM ([129.145.1.2]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id GAA09265 for ; Wed, 26 Jul 2000 06:56:24 -0700 (PDT) Received: from jurassic.eng.sun.com (jurassic.Eng.Sun.COM [129.146.82.166]) by sunmail1.Sun.COM (8.9.1b+Sun/8.9.1/ENSMAIL,v1.6.1-sunmail1) with ESMTP id GAA21611 for ; Wed, 26 Jul 2000 06:56:24 -0700 (PDT) Received: from condry.org (remote01.PRC.Sun.COM [129.158.166.201]) by jurassic.eng.sun.com (8.10.2+Sun/8.10.2) with ESMTP id e6QDuII181070 for ; Wed, 26 Jul 2000 06:56:19 -0700 (PDT) Message-ID: <397EECE3.3F3EF426@condry.org> Date: Wed, 26 Jul 2000 06:51:32 -0700 From: "Michael W. Condry" X-Mailer: Mozilla 4.73 [en] (Win98; U) X-Accept-Language: en,pdf,zh,zh-CN,zh-TW MIME-Version: 1.0 To: ietf-openproxy@imc.org Subject: [Fwd: ITL Bulletin for July 2000] Content-Type: multipart/mixed; boundary="------------F05E6B544C0527A23C3AF851" Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: This is a multi-part message in MIME format. --------------F05E6B544C0527A23C3AF851 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit --------------F05E6B544C0527A23C3AF851 Content-Type: message/rfc822 Content-Transfer-Encoding: 7bit Content-Disposition: inline Return-Path: Received: from engmail2.Eng.Sun.COM (engmail2.Eng.Sun.COM [129.146.1.25]) by jurassic.eng.sun.com (8.10.2+Sun/8.10.2) with ESMTP id e6Q02bI119214; Tue, 25 Jul 2000 17:02:43 -0700 (PDT) Received: from jurassic.eng.sun.com (jurassic.Eng.Sun.COM [129.146.81.144]) by engmail2.Eng.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v1.7) with ESMTP id RAA29643 for ; Tue, 25 Jul 2000 17:02:36 -0700 (PDT) Received: from rjmartin.sun.com (d-cam02-152-202.Corp.Sun.COM [129.145.152.202]) by jurassic.eng.sun.com (8.10.2+Sun/8.10.2) with ESMTP id e6Q02OI119149 for ; Tue, 25 Jul 2000 17:02:24 -0700 (PDT) Message-Id: <4.3.2.7.2.20000725170035.00bbfc60@jurassic.eng.sun.com> X-Sender: rjmartin@jurassic.eng.sun.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Tue, 25 Jul 2000 17:00:42 -0700 To: stds-dept@eng.sun.com From: Elizabeth Lennon (by way of Roger Martin ) Subject: ITL Bulletin for July 2000 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed To view the bulletin complete with graphics, go to http://www.nist.gov/itl/lab/bulletns/cslbull1.htm. IDENTIFYING CRITICAL PATCHES WITH ICAT By Peter Mell Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Introduction to ICAT Recent attacks on computer systems have intensified the need for relevant, timely information about the attacks and how to prevent them. The Computer Security Division at NIST's Information Technology Laboratory has created a searchable index containing 700 of the most important publicly known computer security vulnerabilities. This index, called ICAT (pronounced eye-cat), helps the user to search for specific vulnerabilities and identify those vulnerabilities that are applicable to their organizations. ICAT provides a summary of selected vulnerabilities and links to patch information specific to each vulnerability. ICAT is available at: http://csrc.nist.gov/icat. Organizations are advised to use a tool such as ICAT to find and fix the vulnerabilities in their networks. ICAT enables systems administrators to find patches for a particular system, but it does not provide a general methodology for applying patches in an organization. This ITL Bulletin presents such guidance. ICAT will be most effective when applied using the suggested methodology. The Common Vulnerabilities and Exposures List The vulnerability information indexed by ICAT pertains to those vulnerabilities included in a standard vulnerability-naming scheme called CVE (Common Vulnerabilities and Exposures). The CVE standard defines a unique name for every widely applicable vulnerability. The list of vulnerability names and information on CVE is maintained by MITRE and can be viewed at: http://cve.mitre.org. The vulnerabilities in the CVE list are chosen by a prominent board of industry, government, and academia members (http://cve.mitre.org/Board_Sponsors/board.html) from the set of vulnerabilities publicly announced on the Internet. While this board's mission is to uniquely name all publicly known vulnerabilities, they are currently targeting recently discovered vulnerabilities and older vulnerabilities that are important enough to be included in commercial intrusion detection and vulnerability scanning products. By leveraging the knowledge and experience of the CVE board, ICAT contains a set of vulnerabilities that are among the most significant. It is important that organizations defend themselves against each one of these vulnerabilities. Since the current list of 700 vulnerabilities is too large for system administrators to manually review, we created ICAT to allow one to search for vulnerabilities applicable to a particular organization's hosts. Uses of ICAT ICAT can help secure a network in a variety of ways, such as the following: Securing a Host with ICAT System administrators can use ICAT to find the vulnerabilities in their systems and to find relevant patches that will secure their systems. There are four steps in using ICAT: * Identify the names and version numbers of any software running on the host (e.g., Solaris 2.5). Of particular importance is the operating system and server software. * Search ICAT for the vulnerabilities that are applicable to the identified set of software. (See below for instructions on searching ICAT.) * Use the ICAT search filters to identify the most dangerous vulnerabilities that exist in the system. These problems should be fixed immediately. * Use the ICAT vulnerability summary pages to find links to relevant patch and vulnerability information. Evaluating a Penetrated System with ICAT When a host is penetrated and the penetration discovered, ICAT can aid system administrators and incident response teams by identifying methods by which a hacker could have entered the host. The related vulnerability entries in ICAT reveal what type of control the attacker could have gained over the machine. Such information can be very useful in restoring a penetrated host. As with any crime, whenever a computer is penetrated, contact the appropriate legal and investigatory authorities. Also, government-sponsored incident response teams are available to assist in recovering from an attack. Government civilian agencies should contact the Federal Incident Response Capability (FedCIRC) at http://www.fedcirc.gov. Commercial organizations may contact the Carnegie Mellon Computer Emergency Response Team/Coordination Center (CERT/CC) at http://www.cert.org. Understanding the Output of Security Products An increasing number of security products identify vulnerabilities and attacks using CVE standard names. Since it uses CVE names, ICAT can be used to research the vulnerabilities and attacks reported by intrusion detection systems and vulnerability scanners. A list of over 25 vendors and computer security organizations using the CVE vulnerability-naming scheme is available at: http://cve.mitre.org/About_CVE/About/othersites.html. Searching ICAT ICAT's Web-based interface is easy to use and is well documented on the Web site. In this section, we present a short introduction to and an example of the ICAT search capability. We suggest that you follow this example on the ICAT Web site. At the ICAT search page, type in a keyword associated with the type of vulnerabilities that you wish to view. Type in the names of software products, operating systems, or devices. For example, type "solaris." To see only entries containing a particular keyword, type "+" before the word. For example, to see only vulnerabilities pertaining to Solaris systems, enter "+solaris." Include software version numbers to further refine a search. Enter "+solaris 2.5" (note the necessary space between keywords). The resulting search will list all Solaris vulnerabilities with those pertaining to version 2.5 at the top of the list. Avoid upper-case letters when searching ICAT, as that will result in a case-sensitive search. At this point, type "+solaris 2.5" into the search text string box and press the "Seek" button. ICAT will return at least 98 vulnerabilities that are applicable to version 2.5 of the Solaris operating system. Before we discuss the search-results page, press the browser back button and we will refine our search using the drop-down menus. At this point, you should have "+solaris 2.5" typed into the search text box and all drop-down menus should be set to "Any." Figure 1: ICAT search page (not available in e-mail version) Use the drop-down menus to refine your search. Each menu permits the user to choose a particular vulnerability attribute. The search engine returns only vulnerabilities that meet the criteria specified in ALL drop-down menu selections. Most of the available drop-down menus and associated choices are shown in Table 1. (See the ICAT documentation for an explanation of the terms in Table 1.) Table 1: Search filters available in the ICAT drop-down search menus (not available in e-mail version) Besides the drop-down menus listed in Table 1, there is also a menu to search the vulnerability entries by vendor names. There are currently 77 vendors represented in the ICAT vulnerability set. At this point, we will refine our current query using the drop-down menus. Using the "Related exploit range" menu, select "Remote" to specify that we want to view only remotely exploitable vulnerabilities. Also, using the "Severity" menu, select "High severity" to specify that we want to look only at vulnerabilities that meet ICAT's definition of high severity (see the documentation for details). A Sample ICAT Entry After creating a search query, press the "Seek" button and ICAT will state the number of search results and a list of vulnerabilities that meet the search criteria. Each vulnerability is identified by a CVE number, a one-line description, and the date on which the vulnerability was first published. Browse through the vulnerabilities and click on "CVE 1999-0210." You are now presented with an ICAT entry that summarizes the vulnerability. The entry is not a complete description of the vulnerability because ICAT is not a vulnerability database. Instead, ICAT summarizes the most important features of the vulnerability. This will enable you to quickly determine whether the vulnerability is applicable to your environment. Several fields will be particularly useful: * the "Summary" line gives a one-line description of the vulnerability, * the "Vulnerable software and versions" line lists the name and version numbers of the vulnerable software, * the "Applicable vendors" line lists the vendors whose software is vulnerable to this problem, * the "Exploitable Range" line tells whether or not a vulnerability can be remotely exploitable, and * the "Loss type" line describes what kind of privilege the vulnerability can give a hacker. If the vulnerability is applicable, one will need to find patch information and a more thorough description of the vulnerability. To fulfill this need, ICAT provides one or more references to patch sites or vulnerability database entries that contain more information. Continuing with our example, click on the hyperlink in the row labeled "Reference 2." This link takes one to the CERT/CC advisory Web site and looks up the particular vulnerability. The CERT/CC advisory thoroughly describes the vulnerability and provides patch information. When you are done browsing the CERT advisory, press the search button on the top menu bar to return to the ICAT search screen. Figure 2: Typical ICAT vulnerability entry (not available in e-mail version) The Importance of Security Advisories While ICAT will aid system administrators by identifying recent vulnerabilities, it is not an early warning system. However, it is important that every organization subscribe to an early warning service. To understand why this is necessary, consider what happens when a hacker publishes a widely applicable attack script on the Internet. Overnight, millions of systems can become completely vulnerable to anyone running the script. In such cases, organizations must be notified very quickly. Several incident response teams send out early warning advisories along with advisories about high-impact vulnerabilities. The advisories describe the vulnerability and how to mitigate or patch the problem. Every organization should monitor these advisories and have a program in place to take appropriate action. Most incident response teams have a mailing list so that new advisories are automatically sent to the appropriate person. Two of the best sources for such advisories are FedCIRC and the CERT/CC. While important, advisories cover only the most critical vulnerabilities. Consequently, monitoring these advisories is not sufficient. Advisories must be used in conjunction with another tool, such as ICAT, that covers a broader range of known vulnerabilities. Guidance on Patching Systems Updating software is one of the most important aspects of maintaining a secure network. It is often overlooked because it seems like a monumental task. For example, how can a single system administrator spend several hours updating each computer at a site with 500 computers? While updating the computers in your network seems overwhelming, this section provides guidance on updating software efficiently. We assume that organizations will be manually installing patches, as this is the most common method today. However, new software is coming to market that allows one to automatically distribute patches throughout an enterprise. Types of Patches Patches are small programs that replace error-ridden code with corrected code. The term "patching" is used to refer to fixing security flaws in software. There are three ways to fix security flaws or to "patch a system": work-arounds, patches, and upgrades. Work-arounds are procedures that a system administrator can use to fix a vulnerability. However, applying work-arounds may limit the functionality of the system being protected. While people generally talk about patching a system to secure it, upgrading to the newest software version is often, but not always, a simple way to ensure that all relevant patches are installed. Three Steps to Patching a Network Step 1: Identify Critical Resources Identify those computers in your network that are critical and update those first. Critical hosts are typically those that are most visible to the outside world, those that store mission-critical data, and those that provide the most critical resources. A typical network's list of critical resources includes external Web sites, routers, firewalls, e-mail servers, DNS servers, and database servers. Step 2: Updating Critical Resources Each critical host should be examined regularly (at least monthly) to determine if any software needs to be updated. All software that an attacker could exploit must be updated regularly. Software in this category includes the operating system, servers or any software that receives network packets, software running as root or administrator, and security software (especially virus checkers). Make a list of such software per host and write down the associated version numbers. Then, find and install the available patches that are to be applied to your version of the software by using ICAT or by visiting the patch site of each vendor for every software package on a host. Each software vendor will have unique instructions on how to install their patches. Be careful to follow their instructions, as patches sometimes must be installed in a strict sequence for the process to work. Step 3: Updating Non-Critical Resources Non-critical hosts are obviously less important to protect than critical hosts. However, an attacker may break into a non-critical host and then use that host to attack critical resources. Thus, the level of security of non-critical hosts is important. Since it is a daunting task to update the software on all non-critical hosts in a network, many systems administrators do not regularly update non-critical hosts that are shielded with external and internal firewalls. The firewalls prevent outside network traffic from being routed to non-critical hosts, which helps protect them from attack. This technique works well but it does not protect against all attacks. Specifically, viruses and Trojan horses (especially those transmitted through e-mail that are typically passed through the firewall) can still attack non-critical hosts. In order to secure non-critical hosts cost-effectively, install firewalls inside your organization to protect groups of non-critical hosts from other parts of the network. This way, if an attacker breaks into a host in your organization, the attacker cannot easily spread their influence to other hosts. Install virus checkers on all non-critical hosts that receive e-mail and configure them to automatically update weekly, if not daily. Lastly, once every year update each non-critical host as defined in step 2. If possible, use a standard configuration for non-critical systems, as this will simplify patching efforts. Life for systems administrators will be made easier if users are trained to perform simple updates on their own machine. For example, users can be trained to periodically use the Microsoft(r) "Windows(r) Update" page to automatically fix security holes in the majority of non-critical host operating systems. Also, systems administrators can advertise that new versions of popular software are available for download. More advanced users will download the new version to get better features and will, as a result, install the latest security patches. Maintaining Patch Records We recommend that every organization maintain a Web server containing all patches they want applied to their software. This enables systems administrators to determine which patches have been approved by their organization. Records should be kept on the software and version numbers on all critical systems as well as which patches have been applied. Automated Patch Dissemination Technology Enterprise management systems are now becoming available that will automatically patch a set of hosts given commands from a single console. Such technology greatly reduces the time involved in installing patches and will greatly enhance the security of organizations using it. However, some organizations may prefer to wait before using this technology as the available solutions are still emerging technologies. Conclusion The ICAT Metabase is a tool that enables one to quickly identify the vulnerabilities that may exist in their systems. ICAT also provides links to relevant patch information. It provides a fine granularity of searching while covering a much larger set of vulnerabilities than is covered by most security advisories. ICAT informs administrators of the most serious threats and enables them to focus patching efforts on those patches that provide the greatest increases in security. ICAT can be an effective tool for improving the security of hosts on a network. (r) Microsoft and Windows are registered trademarks of Microsoft Corporation in the United States and/or other countries. Disclaimer: Any mention of commercial products or reference to commercial organizations is for information only; it does not imply recommendation or endorsement by the National Institute of Standards and Technology nor does it imply that the products mentioned are necessarily the best available for the purpose. ****************************************************** Elizabeth B. Lennon Writer/Editor Information Technology Laboratory National Institute of Standards and Technology 100 Bureau Drive, Stop 8900 Gaithersburg, MD 20899-8900 Telephone (301) 975-2832 Fax (301) 840-1357 ****************************************************** --------------F05E6B544C0527A23C3AF851-- From owner-ietf-openproxy Wed Jul 26 07:06:59 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id HAA04899 for ietf-openproxy-bks; Wed, 26 Jul 2000 07:06:59 -0700 (PDT) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id HAA04891 for ; Wed, 26 Jul 2000 07:06:57 -0700 (PDT) Received: from sunmail1.Sun.COM ([129.145.1.2]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id HAA16078 for ; Wed, 26 Jul 2000 07:10:04 -0700 (PDT) Received: from jurassic.eng.sun.com (jurassic.Eng.Sun.COM [129.146.88.31]) by sunmail1.Sun.COM (8.9.1b+Sun/8.9.1/ENSMAIL,v1.6.1-sunmail1) with ESMTP id HAA24130; Wed, 26 Jul 2000 07:10:03 -0700 (PDT) Received: from condry.org (remote01.PRC.Sun.COM [129.158.166.201]) by jurassic.eng.sun.com (8.10.2+Sun/8.10.2) with ESMTP id e6QE9xI184890; Wed, 26 Jul 2000 07:10:00 -0700 (PDT) Message-ID: <397EF018.EECF37D7@condry.org> Date: Wed, 26 Jul 2000 07:05:12 -0700 From: "Michael W. Condry" X-Mailer: Mozilla 4.73 [en] (Win98; U) X-Accept-Language: en,pdf,zh,zh-CN,zh-TW MIME-Version: 1.0 To: cache@sun.com, ietf-openproxy@imc.org Subject: [Fwd: Few comments about draft-tomlinson-epsfw-0040.txt] Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Some feedback -------- Original Message -------- Subject: Few comments about draft-tomlinson-epsfw-0040.txt Date: Wed, 26 Jul 2000 12:53:07 +0200 From: Sylvain DULOUTRE Reply-To: sylvain.duloutre@france.sun.com Organization: Sun Microsystems To: Michael.Condry@eng.sun.com CC: sylvain.duloutre@france.sun.com Hi Michael, Thanks for the update on draft-tomlinson-epsfw-0040.txt. I've not yet "assimilated" all the implications of this framework on the proxy architecture. However, I'm coming back to you with a few comments: About Rule Base Requirements ---------------------- I would add a mechanism to control the order in which rules are evaluated and thus the order of the action execution. Overall results may be unpredictable if there is no way to control when actions are evaluated. I would also add a mechanism to define what rules are evaluated. Different models could be implemented, like "execute all actions whose rules match", or "execute only the action associated with the first rule that matches" (according to the ordering mechanism defined above). About Proxylet requirements -------------------- I don't see any reference to a possible cooperation between proxylets to perform more complex processing. This would probably require some additional mechanisms to name,register, discover and invoke a proxylet from another proxylet. >> The service environment caching proxy SHOULD define a method to allow any external domain that it may proxy to >> dynamically load or update a proxylet library. "dynamically load" probably also implies a mechanism to make the proxylet persistent on the proxy. ICAP ---- In the document, the proxylet functionality and ICAP are clearly distinguished. I think ICAP could be implemented as a proxylet, so I was wondering if we could have also a more general section covering the problems (like trust) with invocation of "remote" services, like ICAP, but no exclusively. That's it for now. -Sylvain From owner-ietf-openproxy Mon Jul 31 14:26:38 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id OAA22204 for ietf-openproxy-bks; Mon, 31 Jul 2000 14:26:38 -0700 (PDT) Received: from e4.ny.us.ibm.com (e4.ny.us.ibm.com [32.97.182.104]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id OAA22200 for ; Mon, 31 Jul 2000 14:26:37 -0700 (PDT) From: aminil@us.ibm.com Received: from northrelay02.pok.ibm.com (northrelay02.pok.ibm.com [9.117.200.22]) by e4.ny.us.ibm.com (8.9.3/8.9.3) with ESMTP id RAA05916 for ; Mon, 31 Jul 2000 17:30:07 -0400 Received: from d01ml233.pok.ibm.com (d01ml233.pok.ibm.com [9.117.200.63]) by northrelay02.pok.ibm.com (8.8.8m3/NCO v4.92) with ESMTP id RAA16884 for ; Mon, 31 Jul 2000 17:30:08 -0400 Importance: Normal Subject: IETF meeting dinner To: ietf-openproxy@imc.org Date: Mon, 31 Jul 2000 17:30:05 -0400 Message-ID: X-MIMETrack: Serialize by Router on D01ML233/01/M/IBM(Release 5.0.4a |July 24, 2000) at 07/31/2000 05:30:07 PM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: The Extensible Proxy website mentions a dinner (Thursday) at the IETF meeting for interested parties. Has the time and place been decided upon? Thanks, Lisa From owner-ietf-openproxy Mon Jul 31 16:38:10 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id QAA24480 for ietf-openproxy-bks; Mon, 31 Jul 2000 16:38:10 -0700 (PDT) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id QAA24476 for ; Mon, 31 Jul 2000 16:38:09 -0700 (PDT) Received: from sunmail1.Sun.COM ([129.145.1.2]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id QAA02711; Mon, 31 Jul 2000 16:41:38 -0700 (PDT) Received: from jurassic.eng.sun.com (jurassic.Eng.Sun.COM [129.146.83.130]) by sunmail1.Sun.COM (8.9.1b+Sun/8.9.1/ENSMAIL,v1.6.1-sunmail1) with ESMTP id QAA14008; Mon, 31 Jul 2000 16:41:37 -0700 (PDT) Received: from condry.org (hobo128.Eng.Sun.COM [129.146.31.128]) by jurassic.eng.sun.com (8.10.2+Sun/8.10.2) with ESMTP id e6VNfX8277860; Mon, 31 Jul 2000 16:41:34 -0700 (PDT) Message-ID: <39860D96.D59265D9@condry.org> Date: Mon, 31 Jul 2000 16:36:54 -0700 From: "Michael W. Condry" X-Mailer: Mozilla 4.73 [en] (Win98; U) X-Accept-Language: en,pdf,zh,zh-CN,zh-TW MIME-Version: 1.0 To: aminil@us.ibm.com CC: ietf-openproxy@imc.org, cache@sun.com Subject: Re: IETF meeting dinner References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Have a reservation at 5:45 on Thursday. Directions to Tambellini's Restaurant: (139 7th St., PGH, PA 15222) >From Convention Center start going West on Penn Ave. towards 9th Street by turning Right. Turn Right onto 7th Street. You can't miss it. Total Distance: 0.3 miles. aminil@us.ibm.com wrote: > The Extensible Proxy website mentions a dinner (Thursday) at the IETF > meeting for interested parties. > > Has the time and place been decided upon? > > Thanks, > Lisa From owner-ietf-openproxy Mon Jul 31 18:04:16 2000 Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id SAA26649 for ietf-openproxy-bks; Mon, 31 Jul 2000 18:04:16 -0700 (PDT) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id SAA26642 for ; Mon, 31 Jul 2000 18:04:15 -0700 (PDT) Received: from sunmail1.Sun.COM ([129.145.1.2]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id SAA25615 for ; Mon, 31 Jul 2000 18:07:49 -0700 (PDT) Received: from jurassic.eng.sun.com (jurassic.Eng.Sun.COM [129.146.83.130]) by sunmail1.Sun.COM (8.9.1b+Sun/8.9.1/ENSMAIL,v1.6.1-sunmail1) with ESMTP id SAA00219 for ; Mon, 31 Jul 2000 18:07:49 -0700 (PDT) Received: from condry.org (hobo142.Eng.Sun.COM [129.146.31.142]) by jurassic.eng.sun.com (8.10.2+Sun/8.10.2) with ESMTP id e7117h8290083 for ; Mon, 31 Jul 2000 18:07:43 -0700 (PDT) Message-ID: <398621C8.DCCB24A4@condry.org> Date: Mon, 31 Jul 2000 18:03:04 -0700 From: "Michael W. Condry" X-Mailer: Mozilla 4.73 [en] (Win98; U) X-Accept-Language: en,pdf,zh,zh-CN,zh-TW MIME-Version: 1.0 To: openproxy Subject: [Fwd: BOF, not final] Content-Type: multipart/mixed; boundary="------------7B84F9A05466B18C79FAC499" Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: This is a multi-part message in MIME format. --------------7B84F9A05466B18C79FAC499 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit --------------7B84F9A05466B18C79FAC499 Content-Type: message/rfc822 Content-Transfer-Encoding: 7bit Content-Disposition: inline Return-Path: Received: from engmail3.Eng.Sun.COM (engmail3.Eng.Sun.COM [129.144.170.5]) by jurassic.eng.sun.com (8.10.2+Sun/8.10.2) with ESMTP id e710Fm8284488 for ; Mon, 31 Jul 2000 17:15:48 -0700 (PDT) Received: from sunmail1.Sun.COM (sunmail1 [129.145.1.2]) by engmail3.Eng.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v1.7) with ESMTP id RAA24691 for ; Mon, 31 Jul 2000 17:15:47 -0700 (PDT) Received: from lukla.Sun.COM (lukla.Central.Sun.COM [129.147.5.31]) by sunmail1.Sun.COM (8.9.1b+Sun/8.9.1/ENSMAIL,v1.6.1-sunmail1) with ESMTP id RAA21062 for ; Mon, 31 Jul 2000 17:15:47 -0700 (PDT) Received: from zealous.cnchost.com (zealous.concentric.net [207.155.252.26]) by lukla.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id SAA19160 for ; Mon, 31 Jul 2000 18:15:46 -0600 (MDT) Received: from whalers.digisle.com (whalers.digisle.com [167.216.128.32]) by zealous.cnchost.com id UAA22761; Mon, 31 Jul 2000 20:15:44 -0400 (EDT) [ConcentricHost SMTP MX 1.15] Errors-To: Received: from guinness.digisle.net (guinness.digisle.net [167.216.152.33]) by whalers.digisle.com (8.9.3/8.9.3/mx) with ESMTP id AAA20807; Tue, 1 Aug 2000 00:15:40 GMT Received: from digisle.net (dhcp-15-to.digisle.com [206.220.224.91]) by guinness.digisle.net (8.9.3/8.9.3/digisle) with ESMTP id AAA02953; Tue, 1 Aug 2000 00:15:38 GMT Message-ID: <398617D8.CD7CE556@digisle.net> Date: Mon, 31 Jul 2000 17:20:40 -0700 From: Dave Farber Organization: Digital Island X-Mailer: Mozilla 4.61 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: "Michael W. Condry" CC: cache@Sun.COM Subject: Re: BOF, not final References: <39741D00.C51B9324@condry.org> <39748668.1E7A07C7@digisle.net> <3985A2EA.658C8A6C@condry.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Michael, I sent the note you are responding to a few weeks ago, when you said there would be no BOF. I am now planning to come to the dinner. Also, I was contacted today by Matt Haines of Inktomi. He plans to come to the BOF dinner and the wrec meeting. I'll forward the info to him. Dave "Michael W. Condry" wrote: > > We are going to have then official BOF dinner on Thursday, I thought > you were coming. On Friday, we have time at WREC. > > Now, I have been invited to the private session on working > group futures for applications and will go. > > If not enough folks are interested in the dinner I will just cancel > it > > Dave Farber wrote: > > > If we don't have an official BOF, should we have an unofficial one? > > Wrec is not scheduled either, from what I can see, nor is there an iCAP BOF. > > I'm wondering whether I should even plan to go.... > > > > Dave > > > > "Michael W> Condry" wrote: > > > > > > There is not a final word on the BOF. However, I talked to Patrick, and he said > > > there was significant problem with slots at IETF48. He did not know about > > > our BOF status but he had to turn down 4 BOFs and several extra working > > > group requests because of slot space. > > > > > > Sooooo, its likely that we will not get a BOF this time. However, regardless > > > we may be shooting for a Working group in IETF49! > > > > > > There is a lot of interest here! --------------7B84F9A05466B18C79FAC499-- From owner-ietf-openproxy Wed Aug 2 13:50:09 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id NAA23273 for ietf-openproxy-bks; Wed, 2 Aug 2000 13:50:09 -0700 (PDT) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id NAA23269 for ; Wed, 2 Aug 2000 13:50:08 -0700 (PDT) Received: from sunmail1.Sun.COM ([129.145.1.2]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id NAA09643; Wed, 2 Aug 2000 13:53:51 -0700 (PDT) Received: from jurassic.eng.sun.com (jurassic.Eng.Sun.COM [129.146.87.31]) by sunmail1.Sun.COM (8.9.1b+Sun/8.9.1/ENSMAIL,v1.6.1-sunmail1) with ESMTP id NAA19666; Wed, 2 Aug 2000 13:53:50 -0700 (PDT) Received: from condry.org (hobo112.Eng.Sun.COM [129.146.31.112]) by jurassic.eng.sun.com (8.10.2+Sun/8.10.2) with ESMTP id e72KrhH208297; Wed, 2 Aug 2000 13:53:44 -0700 (PDT) Message-ID: <39888942.168D40DA@condry.org> Date: Wed, 02 Aug 2000 13:49:06 -0700 From: "Michael W. Condry" X-Mailer: Mozilla 4.73 [en] (Win98; U) X-Accept-Language: en,pdf,zh,zh-CN,zh-TW MIME-Version: 1.0 To: Sumanth CC: openproxy Subject: Re: IETF meeting dinner References: <39860D96.D59265D9@condry.org> <398843C2.7B33B3DF@bigfoot.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: No, just come. Do you know the info? For a BOF discussion group, Have a reservation for dinner at 5:45 on Thursday. I hope you can attend. Directions to Tambellini's Restaurant: (139 7th St., PGH, PA 15222) >From Convention Center start going West on Penn Ave. towards 9th Street by turning Right. Turn Right onto 7th Street. Total Distance: 0.3 miles. Sumanth wrote: > Hi Michael, > We are a couple of developers working on an IBM caching proxy product. > We're not attending the > IETF but we're interested in coming to the meeting dinner. Do we need to > register or RSVP for it? > > Thanks, > Sumanth > > Michael W. Condry wrote: > > > Have a reservation at 5:45 on Thursday. > > Directions to Tambellini's Restaurant: (139 7th St., PGH, PA 15222) > > > > >From Convention Center start going West on Penn Ave. towards 9th Street > > by turning Right. Turn Right > > onto 7th Street. You can't miss it. Total Distance: 0.3 miles. > > aminil@us.ibm.com wrote: > > > > > The Extensible Proxy website mentions a dinner (Thursday) at the IETF > > > meeting for interested parties. > > > > > > Has the time and place been decided upon? > > > > > > Thanks, > > > Lisa From owner-ietf-openproxy Thu Aug 3 13:37:41 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id NAA24371 for ietf-openproxy-bks; Thu, 3 Aug 2000 13:37:41 -0700 (PDT) Received: from mail-green.research.att.com (H-135-207-30-103.research.att.com [135.207.30.103]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id NAA24367 for ; Thu, 3 Aug 2000 13:37:40 -0700 (PDT) Received: from alliance.research.att.com (alliance.research.att.com [135.207.26.26]) by mail-green.research.att.com (Postfix) with ESMTP id 4D1541E002 for ; Thu, 3 Aug 2000 16:41:28 -0400 (EDT) Received: from windsor.research.att.com (windsor.research.att.com [135.207.26.46]) by alliance.research.att.com (8.8.7/8.8.7) with ESMTP id QAA20558 for ; Thu, 3 Aug 2000 16:41:27 -0400 (EDT) Received: from windsor.research.att.com (localhost [127.0.0.1]) by windsor.research.att.com (8.8.8+Sun/8.8.5) with ESMTP id QAA23444 for ; Thu, 3 Aug 2000 16:41:27 -0400 (EDT) Message-Id: <200008032041.QAA23444@windsor.research.att.com> From: Fred Douglis To: openproxy Subject: Re: IETF meeting dinner In-reply-to: Your message of "Wed, 02 Aug 2000 13:49:06 PDT." <39888942.168D40DA@condry.org> X-URI: http://www.research.att.com/~douglis/ Date: Thu, 03 Aug 2000 16:41:27 -0400 Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: >No, just come. Do you know the info? > >For a BOF discussion group, Have a reservation for dinner at 5:45 on >Thursday. >I hope you can attend. > >Directions to Tambellini's Restaurant: (139 7th St., PGH, PA 15222) >From Convention Center start going West on Penn Ave. towards 9th Street >by turning Right. Turn Right >onto 7th Street. Total Distance: 0.3 miles. Whose name is this under? I called the restaurant to confirm that shorts would be acceptible, but first I tried to identify the group I was joining, and we couldn't figure out what reservation it was. Fred From owner-ietf-openproxy Thu Aug 3 13:55:54 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id NAA24751 for ietf-openproxy-bks; Thu, 3 Aug 2000 13:55:54 -0700 (PDT) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id NAA24747 for ; Thu, 3 Aug 2000 13:55:53 -0700 (PDT) Received: from sunmail1.Sun.COM ([129.145.1.2]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id NAA16728; Thu, 3 Aug 2000 13:59:35 -0700 (PDT) Received: from jurassic.eng.sun.com (jurassic.Eng.Sun.COM [129.146.84.31]) by sunmail1.Sun.COM (8.9.1b+Sun/8.9.1/ENSMAIL,v1.6.1-sunmail1) with ESMTP id NAA18075; Thu, 3 Aug 2000 13:59:35 -0700 (PDT) Received: from condry.org (hobo133.Eng.Sun.COM [129.146.31.133]) by jurassic.eng.sun.com (8.10.2+Sun/8.10.2) with ESMTP id e73KxXH119562; Thu, 3 Aug 2000 13:59:33 -0700 (PDT) Message-ID: <3989DC22.8CB719AC@condry.org> Date: Thu, 03 Aug 2000 13:54:58 -0700 From: "Michael W. Condry" X-Mailer: Mozilla 4.73 [en] (Win98; U) X-Accept-Language: en,pdf,zh,zh-CN,zh-TW MIME-Version: 1.0 To: Fred Douglis CC: openproxy Subject: Re: IETF meeting dinner References: <200008032041.QAA23444@windsor.research.att.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Its probably under my name (Michael Condry) or the local Sun Admin's name (Mary Ann Willard). Fred Douglis wrote: > >No, just come. Do you know the info? > > > >For a BOF discussion group, Have a reservation for dinner at 5:45 on > >Thursday. > >I hope you can attend. > > > >Directions to Tambellini's Restaurant: (139 7th St., PGH, PA 15222) > >From Convention Center start going West on Penn Ave. towards 9th Street > >by turning Right. Turn Right > >onto 7th Street. Total Distance: 0.3 miles. > > Whose name is this under? I called the restaurant to confirm that shorts > would be acceptible, but first I tried to identify the group I was joining, > and we couldn't figure out what reservation it was. > > Fred From owner-ietf-openproxy Tue Aug 15 15:40:47 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id PAA16903 for ietf-openproxy-bks; Tue, 15 Aug 2000 15:40:47 -0700 (PDT) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id PAA16899 for ; Tue, 15 Aug 2000 15:40:46 -0700 (PDT) Received: from sunmail1.Sun.COM ([129.145.1.2]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id PAA22348; Tue, 15 Aug 2000 15:40:33 -0700 (PDT) Received: from jurassic.eng.sun.com (jurassic.Eng.Sun.COM [129.146.87.31]) by sunmail1.Sun.COM (8.9.1b+Sun/8.9.1/ENSMAIL,v1.6.1-sunmail1) with ESMTP id PAA06521; Tue, 15 Aug 2000 15:40:32 -0700 (PDT) Received: from viper (viper.Eng.Sun.COM [129.146.88.132]) by jurassic.eng.sun.com (8.11.0+Sun/8.11.0) with SMTP id e7FMeSo942823; Tue, 15 Aug 2000 15:40:29 -0700 (PDT) Message-Id: <200008152240.e7FMeSo942823@jurassic.eng.sun.com> Date: Tue, 15 Aug 2000 15:41:08 -0700 (PDT) From: Michael Condry Reply-To: Michael Condry Subject: Re: What's up? To: cache@Sun.COM, dave@digisle.net Cc: ietf-openproxy@imc.org MIME-Version: 1.0 Content-Type: TEXT/plain; charset=us-ascii Content-MD5: CaYphFQjtS+Ol7LUMG80/A== X-Mailer: dtmail 1.3.0 @(#)CDE Version 1.4 SunOS 5.8 sun4u sparc Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Just a reminder, ietf-openproxy@imc.org is really the official mailing list. Will the original cache@sun.com team please move there. Send mail to: ietf-openproxy-request@imc.org with subsribe in the body. Or mail Majordomo@imc.org with subsribe ietf-openproxy NAME where NAME is your email. Workshop 1. One paper is in. 2. I am doing a paper on architecture/examples. 3. Dave, can you help to start a panel of "real users" on want are the requirements? 4. Can someone look at the rules? What about following the same model as XML Schemas? Can we use XML Schemas? Others? From owner-ietf-openproxy Fri Aug 25 15:33:41 2000 Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id PAA00172 for ietf-openproxy-bks; Fri, 25 Aug 2000 15:33:41 -0700 (PDT) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id PAA00167 for ; Fri, 25 Aug 2000 15:33:39 -0700 (PDT) Received: from sunmail1.Sun.COM ([129.145.1.2]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id PAA01708 for ; Fri, 25 Aug 2000 15:34:17 -0700 (PDT) Received: from jurassic.eng.sun.com (jurassic.Eng.Sun.COM [129.146.82.166]) by sunmail1.Sun.COM (8.9.1b+Sun/8.9.1/ENSMAIL,v1.6.1-sunmail1) with ESMTP id PAA28657 for ; Fri, 25 Aug 2000 15:34:17 -0700 (PDT) Received: from viper (viper.Eng.Sun.COM [129.146.88.132]) by jurassic.eng.sun.com (8.11.0+Sun/8.11.0) with SMTP id e7PMY9K673624; Fri, 25 Aug 2000 15:34:11 -0700 (PDT) Message-Id: <200008252234.e7PMY9K673624@jurassic.eng.sun.com> Date: Fri, 25 Aug 2000 15:34:53 -0700 (PDT) From: Michael Condry Reply-To: Michael Condry Subject: Workshop, details. To: ietf-openproxy@imc.org Cc: Cherie.Bibich@Eng.Sun.COM, Juanita.Tapia@Eng.Sun.COM MIME-Version: 1.0 Content-Type: MULTIPART/mixed; BOUNDARY=Hover_of_Trout_302_000 X-Mailer: dtmail 1.3.0 @(#)CDE Version 1.4 SunOS 5.8 sun4u sparc Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: --Hover_of_Trout_302_000 Content-Type: TEXT/plain; charset=us-ascii Content-MD5: e9lpsFNLu+xh62APYJuGBQ== Workshop on Sophisticated Content Services for the Network: Extensible Proxies This is an informal workshop to define a new platform for the Internet, one that is essential for engineering the delivery of sophisticated content forms and is also essential for bringing a new level of sophistication to content delivery. We are seeking participants who can bring to bear architectural innovations, new services ideas, and to either inspire or be inspired by a new direction in the evolution of the Internet. * Where and When * Hotel Accomodations * Registration * September 12, 2000 Dinner * Papers, Panels, and Discussions Where and When: September 13, 2000 Silicon Valley Conference Center 2161 N. First Street San Jose, California Map Hotel Accomodations No formal hotel, some local ones are: Doubletree Hotel 2050 Gateway Place Hanford Hotel San Jose, CA 1755 N 1st St 95110-1047 San Jose, CA 95112 Phone: (408) Phone: (408) 453-3133 453-4000 Registration Process Please confirm with an email to condry@condry.org by Sept 7th. There is no resistration costs. All confirmed attendees will be provided a complementary lunch during the conference. September 12, 2000 Dinner Many attendees will be arriving on September 12. I have a reservation at 7:30 pm at Il Fornaio Cucina Italiana 302 S Market St San Jose, CA 95113 (408) 271-3366 Map Papers, Panels, and Discussions The discussions will focus on issues surrounding the concepts of adding sophistacted services in the network through extensible proxies, the basic requements being defined in the Internet-Draft http://www.ietf.org/internet-drafts/draft-tomlinson-epsfw-00.txt Here are some presentations and panels: We are seeing volenteers for being on the following panels * Security * Common services and operating environment for proxylets and cachelets * Specification methods for dynamic services * Architectural viewpoint: minimalist vs. rich Other Presetations * Active net security * Architecure and Use Cases * Active Names for caching proxies * funnelWeb - Application Layer Active Networking * A Platform for Content Delivery and Enhanced Services --Hover_of_Trout_302_000 Content-Type: APPLICATION/octet-stream; name="workshop.html"; x-unix-mode=0644 Content-Transfer-Encoding: BASE64 Content-Description: workshop.html Content-MD5: RP8taYpGAuEcvsu2IPb+Iw== PCFkb2N0eXBlIGh0bWwgcHVibGljICItLy93M2MvL2R0ZCBodG1sIDQuMCB0 cmFuc2l0aW9uYWwvL2VuIj4KPGh0bWw+CjxoZWFkPgogICA8bWV0YSBodHRw LWVxdWl2PSJDb250ZW50LVR5cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsgY2hh cnNldD1pc28tODg1OS0xIj4KICAgPG1ldGEgbmFtZT0iQXV0aG9yIiBjb250 ZW50PSJtaWNoYWVsIGNvbmRyeSI+CiAgIDxtZXRhIG5hbWU9IkdFTkVSQVRP UiIgY29udGVudD0iTW96aWxsYS80LjUxIFtlbl0gKFgxMTsgVTsgU3VuT1Mg NS44IHN1bjR1KSBbTmV0c2NhcGVdIj4KPC9oZWFkPgo8Ym9keSB0ZXh0PSIj MDAwMDAwIiBiZ2NvbG9yPSIjRkZGRkZGIiBsaW5rPSIjMDAwMEZGIiB2bGlu az0iIzk5MDA2NiIgYWxpbms9IiNGRjAwMDAiPgombmJzcDsKPGNlbnRlcj4K PGR0Pgo8Zm9udCBzaXplPSszPldvcmtzaG9wIG9uPC9mb250PjwvZHQ+PC9j ZW50ZXI+Cgo8Y2VudGVyPgo8ZHQ+Cjxmb250IHNpemU9KzQ+U29waGlzdGlj YXRlZCBDb250ZW50IFNlcnZpY2VzIGZvciB0aGUgTmV0d29yazo8L2ZvbnQ+ PC9kdD48L2NlbnRlcj4KCjxjZW50ZXI+CjxkdD4KPGZvbnQgc2l6ZT0rND5F eHRlbnNpYmxlIFByb3hpZXM8L2ZvbnQ+PC9kdD48L2NlbnRlcj4KCjxwPjxi cj4KPHA+VGhpcyBpcyBhbiBpbmZvcm1hbCB3b3Jrc2hvcCB0byBkZWZpbmUg YSBuZXcgcGxhdGZvcm0gZm9yIHRoZSBJbnRlcm5ldCwKb25lIHRoYXQgaXMg ZXNzZW50aWFsIGZvciBlbmdpbmVlcmluZyB0aGUgZGVsaXZlcnkgb2Ygc29w aGlzdGljYXRlZCBjb250ZW50CmZvcm1zIGFuZCBpcyBhbHNvIGVzc2VudGlh bCBmb3IgYnJpbmdpbmcgYSBuZXcgbGV2ZWwgb2Ygc29waGlzdGljYXRpb24K dG8gY29udGVudCBkZWxpdmVyeS4mbmJzcDsgV2UgYXJlIHNlZWtpbmcgcGFy dGljaXBhbnRzIHdobyBjYW4gYnJpbmcgdG8KYmVhciBhcmNoaXRlY3R1cmFs IGlubm92YXRpb25zLCBuZXcgc2VydmljZXMgaWRlYXMsIGFuZCB0byBlaXRo ZXIgaW5zcGlyZQpvciBiZSBpbnNwaXJlZCBieSBhIG5ldyBkaXJlY3Rpb24g aW4gdGhlIGV2b2x1dGlvbiBvZiB0aGUgSW50ZXJuZXQuCjxicj4mbmJzcDsK PHVsPgo8bGk+CjxhIGhyZWY9IiNXaGVyZSBhbmQgV2hlbiI+V2hlcmUgYW5k IFdoZW48L2E+PC9saT4KCjxsaT4KPGEgaHJlZj0iI0hvdGVsIEFjY29tb2Rh dGlvbnMiPkhvdGVsIEFjY29tb2RhdGlvbnM8L2E+PC9saT4KCjxsaT4KPGEg aHJlZj0iI1JlZ2lzdHJhdGlvbiI+UmVnaXN0cmF0aW9uPC9hPjwvbGk+Cgo8 bGk+CjxhIGhyZWY9IiNTZXB0ZW1iZXIgMTIsIDIwMDAgRGlubmVyIj5TZXB0 ZW1iZXIgMTIsIDIwMDAgRGlubmVyPC9hPjwvbGk+Cgo8bGk+CjxhIGhyZWY9 IiNQYXBlcnMsIFBhbmVscywgYW5kIERpc2N1c3Npb25zIj5QYXBlcnMsIFBh bmVscywgYW5kIERpc2N1c3Npb25zPC9hPjwvbGk+CjwvdWw+Cgo8YnI+Jm5i c3A7CjxwPjxhIE5BTUU9IldoZXJlIGFuZCBXaGVuIj48L2E+PGZvbnQgc2l6 ZT0rMj5XaGVyZSBhbmQgV2hlbjo8L2ZvbnQ+CjxibG9ja3F1b3RlPjxmb250 IHNpemU9KzE+U2VwdGVtYmVyIDEzLCAyMDAwPC9mb250Pgo8YnI+PGZvbnQg c2l6ZT0rMT5TaWxpY29uIFZhbGxleSBDb25mZXJlbmNlIENlbnRlcjwvZm9u dD4KPGJyPjxmb250IHNpemU9KzE+MjE2MSBOLiBGaXJzdCBTdHJlZXQ8L2Zv bnQ+Cjxicj48Zm9udCBzaXplPSsxPlNhbiBKb3NlLCBDYWxpZm9ybmlhPC9m b250Pgo8cD48Zm9udCBzaXplPSsxPjxhIGhyZWY9Imh0dHA6Ly93d3cubWFw cXVlc3QuY29tL2NnaS1iaW4vaWFfZmluZD9saW5rPWJ0d24lMkZ0d24tbWFw X3Jlc3VsdHMmcmFuZG9tPTk3NSZldmVudD1maW5kX3NlYXJjaCZ1aWQ9dWJl YWlhazJsZXpjeTZoZSUzQXJsMXkxMDF6dCZTTlZEYXRhPTNtYWQzLTkuZnkl MjUyOGF0MnU2N18lMjUyOWY4MnU2NyUyNTNiYWg3LSUyNTNkJTI1M2ElMjUy OF8lMjUzZCUyNTNhYmFkNjcyJTI1M2QlMjUzZDFzdTY3MiUyNTNkMCUyQ3Ji JTI1M2I3JmNvdW50cnk9VW5pdGVkK1N0YXRlcyZhZGRyZXNzPTIxNjErTi4r Rmlyc3QrU3RyZWV0JmNpdHk9U2FuK0pvc2UlMkMrQ0EmU3RhdGU9Q0EmWmlw PSZGaW5kK01hcD1HZXQrTWFwIj5NYXA8L2E+PC9mb250PjwvYmxvY2txdW90 ZT4KCjxwPjxicj48YSBOQU1FPSJIb3RlbCBBY2NvbW9kYXRpb25zIj48L2E+ PGZvbnQgc2l6ZT0rMj5Ib3RlbCBBY2NvbW9kYXRpb25zPC9mb250Pgo8YnI+ PGZvbnQgc2l6ZT0rMT5ObyBmb3JtYWwgaG90ZWwsIHNvbWUgbG9jYWwgb25l cyBhcmU6PC9mb250Pgo8YnI+Jm5ic3A7CjxjZW50ZXI+PHRhYmxlIEJPUkRF UiBDT0xTPTIgV0lEVEg9IjYwJSIgTk9TQVZFID4KPHRyIE5PU0FWRT4KPHRk IE5PU0FWRT48Zm9udCBzaXplPSsxPkRvdWJsZXRyZWUgSG90ZWwmbmJzcDs8 L2ZvbnQ+Cjxicj48Zm9udCBzaXplPSsxPjIwNTAgR2F0ZXdheSBQbGFjZTwv Zm9udD4KPGJyPjxmb250IHNpemU9KzE+U2FuIEpvc2UsIENBIDk1MTEwLTEw NDc8L2ZvbnQ+Cjxicj48Zm9udCBzaXplPSsxPlBob25lOiAoNDA4KSA0NTMt NDAwMCZuYnNwOzwvZm9udD48L3RkPgoKPHRkPjxmb250IHNpemU9KzE+SGFu Zm9yZCBIb3RlbDwvZm9udD4KPGJyPjxmb250IHNpemU9KzE+MTc1NSBOIDFz dCBTdDwvZm9udD4KPGJyPjxmb250IHNpemU9KzE+U2FuIEpvc2UsIENBIDk1 MTEyPC9mb250Pgo8YnI+PGZvbnQgc2l6ZT0rMT5QaG9uZTogKDQwOCkgNDUz LTMxMzM8L2ZvbnQ+PC90ZD4KPC90cj4KPC90YWJsZT48L2NlbnRlcj4KCjxi cj4mbmJzcDsKPHA+PGEgTkFNRT0iUmVnaXN0cmF0aW9uIj48L2E+PGZvbnQg c2l6ZT0rMj5SZWdpc3RyYXRpb24gUHJvY2VzczwvZm9udD4KPGJyPlBsZWFz ZSBjb25maXJtIHdpdGggYW4mbmJzcDsgZW1haWwgdG8gY29uZHJ5QGNvbmRy eS5vcmcgYnkgU2VwdCA3dGguClRoZXJlIGlzIG5vIHJlc2lzdHJhdGlvbiBj b3N0cy4gQWxsIGNvbmZpcm1lZCBhdHRlbmRlZXMgd2lsbCBiZSBwcm92aWRl ZAphIGNvbXBsZW1lbnRhcnkgbHVuY2ggZHVyaW5nIHRoZSBjb25mZXJlbmNl Lgo8cD48YSBOQU1FPSJTZXB0ZW1iZXIgMTIsIDIwMDAgRGlubmVyIj48L2E+ PGZvbnQgc2l6ZT0rMj5TZXB0ZW1iZXIgMTIsCjIwMDAgRGlubmVyPC9mb250 Pgo8YnI+TWFueSBhdHRlbmRlZXMgd2lsbCBiZSBhcnJpdmluZyBvbiBTZXB0 ZW1iZXIgMTIuCjxwPkkgaGF2ZSBhIHJlc2VydmF0aW9uIGF0IDc6MzAgcG0g YXQKPGJsb2NrcXVvdGU+CjxibG9ja3F1b3RlPklsIEZvcm5haW8gQ3VjaW5h IEl0YWxpYW5hCjxicj4zMDIgUyBNYXJrZXQgU3QKPGJyPlNhbiBKb3NlLCBD QSA5NTExMwo8YnI+KDQwOCkgMjcxLTMzNjYKPHA+PGEgaHJlZj0iaHR0cDov L3lwLnlhaG9vLmNvbS9weS95cE1hcC5weT9QeXQ9VHlwJnR1aWQ9MTAwMzY2 MzImY2l0eT1TYW4rSm9zZSZzdGF0ZT1DQSZzbHQ9MzcuMzM1MzAwJnNsbj0t MTIxLjg5Mzg5OCZjcz00Ij5NYXA8L2E+PC9ibG9ja3F1b3RlPgo8L2Jsb2Nr cXVvdGU+Cgo8cD48YSBOQU1FPSJQYXBlcnMsIFBhbmVscywgYW5kIERpc2N1 c3Npb25zIj48L2E+PGZvbnQgc2l6ZT0rMj5QYXBlcnMsClBhbmVscywgYW5k IERpc2N1c3Npb25zPC9mb250Pgo8YnI+VGhlIGRpc2N1c3Npb25zIHdpbGwg Zm9jdXMgb24gaXNzdWVzIHN1cnJvdW5kaW5nIHRoZSBjb25jZXB0cyBvZiBh ZGRpbmcKc29waGlzdGFjdGVkIHNlcnZpY2VzIGluIHRoZSBuZXR3b3JrIHRo cm91Z2ggZXh0ZW5zaWJsZSBwcm94aWVzLCB0aGUgYmFzaWMKcmVxdWVtZW50 cyBiZWluZyBkZWZpbmVkIGluIHRoZSBJbnRlcm5ldC1EcmFmdCZuYnNwOyA8 YSBocmVmPSJodHRwOi8vd3d3LmlldGYub3JnL2ludGVybmV0LWRyYWZ0cy9k cmFmdC10b21saW5zb24tZXBzZnctMDAudHh0Ij5odHRwOi8vd3d3LmlldGYu b3JnL2ludGVybmV0LWRyYWZ0cy9kcmFmdC10b21saW5zb24tZXBzZnctMDAu dHh0PC9hPgo8cD5IZXJlIGFyZSBzb21lIHByZXNlbnRhdGlvbnMgYW5kIHBh bmVsczoKPHA+PGI+V2UgYXJlIHNlZWluZyB2b2xlbnRlZXJzIGZvciBiZWlu ZyBvbiB0aGUgZm9sbG93aW5nIHBhbmVsczwvYj4KPHVsPgo8bGk+ClNlY3Vy aXR5PC9saT4KCjxsaT4KQ29tbW9uIHNlcnZpY2VzIGFuZCBvcGVyYXRpbmcg ZW52aXJvbm1lbnQgZm9yIHByb3h5bGV0cyBhbmQgY2FjaGVsZXRzPC9saT4K CjxsaT4KU3BlY2lmaWNhdGlvbiBtZXRob2RzIGZvciBkeW5hbWljIHNlcnZp Y2VzPC9saT4KCjxsaT4KQXJjaGl0ZWN0dXJhbCB2aWV3cG9pbnQ6IG1pbmlt YWxpc3QgdnMuIHJpY2g8L2xpPgo8L3VsPgo8Yj5PdGhlciBQcmVzZXRhdGlv bnM8L2I+Cjx1bD4KPGxpPgpBY3RpdmUgbmV0IHNlY3VyaXR5PC9saT4KCjxs aT4KQXJjaGl0ZWN1cmUgYW5kIFVzZSBDYXNlczwvbGk+Cgo8bGk+CkFjdGl2 ZSBOYW1lcyBmb3IgY2FjaGluZyBwcm94aWVzPC9saT4KCjxsaT4KZnVubmVs V2ViIC0gQXBwbGljYXRpb24gTGF5ZXIgQWN0aXZlIE5ldHdvcmtpbmc8L2xp PgoKPGxpPgpBIFBsYXRmb3JtIGZvciBDb250ZW50IERlbGl2ZXJ5IGFuZCBF bmhhbmNlZCBTZXJ2aWNlczwvbGk+CjwvdWw+Cgo8L2JvZHk+CjwvaHRtbD4K --Hover_of_Trout_302_000-- From owner-ietf-openproxy Tue Sep 5 15:32:57 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id PAA13745 for ietf-openproxy-bks; Tue, 5 Sep 2000 15:32:57 -0700 (PDT) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id PAA13738 for ; Tue, 5 Sep 2000 15:32:56 -0700 (PDT) Received: from sunmail1.Sun.COM ([129.145.1.2]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id PAA25125 for ; Tue, 5 Sep 2000 15:34:29 -0700 (PDT) Received: from jurassic.eng.sun.com (jurassic.Eng.Sun.COM [129.146.83.130]) by sunmail1.Sun.COM (8.9.1b+Sun/8.9.1/ENSMAIL,v1.6.1-sunmail1) with ESMTP id PAA21477 for ; Tue, 5 Sep 2000 15:34:29 -0700 (PDT) Received: from viper (viper.Eng.Sun.COM [129.146.88.132]) by jurassic.eng.sun.com (8.11.1.Beta0+Sun/8.11.1.Beta0) with SMTP id e85MYPk942921 for ; Tue, 5 Sep 2000 15:34:26 -0700 (PDT) Message-Id: <200009052234.e85MYPk942921@jurassic.eng.sun.com> Date: Tue, 5 Sep 2000 15:35:11 -0700 (PDT) From: Michael Condry Reply-To: Michael Condry Subject: Workshop To: ietf-openproxy@imc.org MIME-Version: 1.0 Content-Type: TEXT/plain; charset=us-ascii Content-MD5: YJ/TNhjNPUxWkX2OUGQxJg== X-Mailer: dtmail 1.3.0 @(#)CDE Version 1.4 SunOS 5.8 sun4u sparc Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: I have lots of positive replies for the workshop. Make sure you get to me. I understand there have been some hotel problem. Try Day's inn or other Web based ones. Michael http://www.extproxy.org From owner-ietf-openproxy Thu Sep 7 15:46:18 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id PAA28676 for ietf-openproxy-bks; Thu, 7 Sep 2000 15:46:18 -0700 (PDT) Received: from havoc.entera.com (havoc.entera.com [206.165.109.130]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id PAA28672 for ; Thu, 7 Sep 2000 15:46:18 -0700 (PDT) Received: from exchange.entera.com ([206.165.109.233]) by havoc.entera.com (Post.Office MTA v3.5.3 release 223 ID# 0-68752U400L100S0V35) with ESMTP id com for ; Thu, 7 Sep 2000 15:48:32 -0700 Received: by exchange.entera.com with Internet Mail Service (5.5.2650.21) id ; Thu, 7 Sep 2000 15:46:09 -0700 Message-ID: <733880CDF866D3118C69005004D1701EDD554C@exchange.entera.com> From: garyt@entera.com (Gary Tomlinson) To: ietf-openproxy@imc.org Subject: IEST Interest in our draft Date: Thu, 7 Sep 2000 15:45:59 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id PAA28673 Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Here is message posted by Patrik Faltsrom to the WREC list. It looks like there interest brewing around our work. Gary -----Original Message----- From: Patrik F�ltstr�m [mailto:paf@cisco.com] Sent: Thursday, September 07, 2000 12:20 PM To: wrec@cs.utk.edu Subject: Middlebox Features The IESG is worried about "middlebox features" which comes up all over the place. Just all over. The way people think about early TCP termination, "front-ending SSL connections so the SSL is not all the way to the server", ...etc might not all the time work well in todays design of the Internet. Is this trend driven by customers to companies asking for features without knowing what they are asking for? Because, companies only make products which customers buy, right? ;-) We ask if not the WREC wg is the closest group we have on looking into these issues, and hope that the WREC wg will try to design functionality which is needed without jumping through too many loops and bending themselves backwards, violating the ground principles of end-to-end-communication which the IESG and IAB belive is needed for fundamental architectual things to work (like IPSEC etc). One document we have found is draft-tomlinson-epsfw-00.txt, which we think is interesting because it is discussing some of these issues (yes, I know it was on the agenda at the last IETF... :-) Can you please in the work you do on rechartering think about these "middleware feature" thing, and whether you should not include some wording about that in your charter? We also would like you to have a look at draft-tomlinson-epsfw-00.txt and deside if you should have that document as part of what you work items (so it gets proper review at least)? Regards, Patrik Area Director, Applications Area From owner-ietf-openproxy Fri Sep 8 13:45:04 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id NAA00569 for ietf-openproxy-bks; Fri, 8 Sep 2000 13:45:04 -0700 (PDT) Received: from lukla.Sun.COM (lukla.Sun.COM [192.18.98.31]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id NAA00555 for ; Fri, 8 Sep 2000 13:44:54 -0700 (PDT) Received: from engmail4.Eng.Sun.COM ([129.144.134.6]) by lukla.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id OAA22507; Fri, 8 Sep 2000 14:46:29 -0600 (MDT) Received: from nasnfs.eng.sun.com (nasnfs.Eng.Sun.COM [10.6.84.20]) by engmail4.Eng.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v1.7) with ESMTP id NAA21346; Fri, 8 Sep 2000 13:46:20 -0700 (PDT) Received: from gaelic (gaelic [129.146.122.130]) by nasnfs.eng.sun.com (8.9.3+Sun/8.9.1) with SMTP id NAA06014; Fri, 8 Sep 2000 13:45:08 -0700 (PDT) Message-Id: <200009082045.NAA06014@nasnfs.eng.sun.com> Date: Fri, 8 Sep 2000 13:45:08 -0700 (PDT) From: Juanita Tapia Reply-To: Juanita Tapia Subject: Re: list of attendees - please review asap To: ietf-openproxy@imc.org Cc: condry@condry.org, geoffrey.baehr@Eng.Sun.COM, juanita.tapia@Eng.Sun.COM MIME-Version: 1.0 Content-Type: TEXT/plain; charset=us-ascii Content-MD5: WBRcDdWfFxp2WDBEhr6TeA== X-Mailer: dtmail 1.3.0 CDE Version 1.3 SunOS 5.7 sun4u sparc Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Hello, Here is a list of folks who signed up for the conference, please let me (juanita.tapia@sun.com) know if you are missing or if you will be attending dinner. Thanks! Name Company Dinner ----- ------- ------ 1. Atanu Ggosh 2. M. O'Doherty 3. Sandeep Sibal AT&T Labs Research 4. Steve Moyer Fringent Technologies 5. Markus Hofmann Bell-Labs 6. John Scharber 7. Ned Freed Innosoft.com 8. Micah Beck Lokomo Systems 9. Daye McManus Catchpole 10. Lisa Amini IBM TJ Watson Research Center Yes 11. Kurt Kovach Novell Not coming 12. Ian Cooper Equinix Yes 13. Dave Farber Digisle 14. Oskar Batuner Mirror Image Internet, Inc. Not sure 15. Steve Schwab Tislabs No 16. Mark Nottingham Akamai Technologies 17. Alex Shah Velocigen 18. Atanu Socs 19. D. Grossman 20. Sylvain Duloutre 21. Jussi Kangasharju AT&T Labs Research 22. Mike Dahlin University of Texas 23. Don Gillies Network Appliance, Inc. 24. John Chung-I Chuang University of California at Berkeley 25. Katherine Guo Dnrc.bell-labs Yes 26. Nick Okasinski No 27. Gary Tomlinson Entera, Inc. 28. Don Gilletti Entera, Inc. 29. Mark Green Entera, Inc. 30. John Scharber Entera, Inc. 31. Senthil Kumar Sun 32. Michael Condry Sun Yes 33. Hilarie Orman Novell Yes Thanks, Juanita _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ Juanita Tapia Sun Microsystems - Sun Labs 15 Network Circle Menlo Park, CA. 94025 (650) 786-3382 Phone (650) 786-6445 Fax From owner-ietf-openproxy Sat Sep 9 21:28:15 2000 Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id VAA03535 for ietf-openproxy-bks; Sat, 9 Sep 2000 21:28:15 -0700 (PDT) Received: from ruby.digisle.com (ruby.digisle.net [167.216.192.43] (may be forged)) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id VAA03531 for ; Sat, 9 Sep 2000 21:28:10 -0700 (PDT) Received: from guinness.digisle.net (guinness.digisle.net [167.216.152.33]) by ruby.digisle.com (8.9.3/8.9.3/mx) with ESMTP id EAA16790; Sun, 10 Sep 2000 04:29:34 GMT Received: from digitalisland.net (dhcp-172-16-66-204-vpn-sj.digisle.com [172.16.66.204]) by guinness.digisle.net (8.9.3/8.9.3/digisle) with ESMTP id EAA17572; Sun, 10 Sep 2000 04:29:24 GMT Message-ID: <39BB0E71.F9957557@digitalisland.net> Date: Sat, 09 Sep 2000 21:30:41 -0700 From: Dave Farber Organization: Digital Island X-Mailer: Mozilla 4.61 [en] (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: Gary Tomlinson CC: ietf-openproxy@imc.org Subject: Re: IEST Interest in our draft References: <733880CDF866D3118C69005004D1701EDD554C@exchange.entera.com> Content-Type: multipart/mixed; boundary="------------3235AEE33F19F4AEF39AE11B" Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: This is a multi-part message in MIME format. --------------3235AEE33F19F4AEF39AE11B Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Gary Tomlinson wrote: > > Here is message posted by Patrik Faltsrom to the WREC list. It looks like > there interest brewing around our work. The following ad for iBAND arrived in my mailbox within hours of your message, and seems to be making a similar point: -----Original Message----- From: Jason Utz Sent: Thu, Sept 7, 2000 2:33 PM Subject: ADV: Intelligent Network Infrastructure - The New Application Service A new virtual network layer is emerging that embraces IP and every other layer upwards. This virtual layer is being seen as the intelligent infrastructure platform for applications and services. It enables better control and prioritization of existing network resources and applications. It provides critical network functionality that supports the roll-out of next generation IP applications. And it is supported by new smarter, more dynamic network management capabilities. "Content Distribution/Delivery", "Application Acceleration", "Intelligent Network Services", "Application Infrastructure", "Dynamic Resource Allocation" and "Smart Bandwidth" are just some of the new concepts being developed in response to new requirements from IP network managers. And they are driving new classes of product features and service capabilities. Perhaps most importantly, this new smart infrastructure platform is being driven by commercial pressures and opportunities confronting managers of IP networks and services. As network planners look to maximize their investments in network infrastructure, increase their efficiencies and design/extend network platforms for new services, the imperatives behind their planning-to-implementation cycles increase. In turn, this puts new pressures on but creates new opportunities for providers of products and services. There's growing evidence that the dynamics of this vortex are bringing into question the way in which Internet standards get created - and whether they get created at all. Intelligent Network Infrastructure, Dynamic Network Management, Multi-layer solutions and challenges to the standards process are key topics being addressed by Judy Estrin of Packet Design and Charles Muirhead of Orchestream and iGabriel.Net in their keynotes at the upcoming iBAND conference. "Internet Infrastructure: Why We Can't Just Paint Over the Cracks" Judy Estrin, CEO , Packet Design, Inc. "Creating, provisioning and managing IP services under massive commercial pressures" Charles Muirhead, founder, Orchestream and iGabriel.Net To learn more about the conference, the multi-vendor network showcase, Birds of a Feather sessions and participants, visit: http://www.stardust.com/iband --------------3235AEE33F19F4AEF39AE11B Content-Type: message/rfc822 Content-Transfer-Encoding: 7bit Content-Disposition: inline Return-Path: Received: from ruby.digisle.com (ruby.digisle.net [167.216.192.43] (may be forged)) by chef.digisle.com (8.9.3/8.9.3/digisle) with ESMTP id WAA03652 for ; Thu, 7 Sep 2000 22:30:21 GMT Received: from ziggy.stardust.com (ns.stardust.com [205.184.205.34]) by ruby.digisle.com (8.9.3/8.9.3/mx) with ESMTP id WAA01791 for ; Thu, 7 Sep 2000 22:30:20 GMT Received: from terra (dhcp204-94.stardust.com [205.184.204.94]) by ziggy.stardust.com (8.9.3/8.9.3/Debian/GNU) with SMTP id OAA29219 for ; Thu, 7 Sep 2000 14:33:05 -0700 Message-Id: <200009072133.OAA29219@ziggy.stardust.com> Date: Thu, 7 Sep 2000 14:33:04 -0700 From: Jason Utz Subject: ADV: Intelligent Network Infrastructure - The New Application Service To: Dave Farber Organization: Stardust.com X-Mailer: GoldMine [4.00.9922] ** Removal Instructions ** If you do not wish to receive future updates, please reply to this message with REMOVE in the subject header. Your e-mail address will be promptly removed. A new virtual network layer is emerging that embraces IP and every other layer upwards. This virtual layer is being seen as the intelligent infrastructure platform for applications and services. It enables better control and prioritization of existing network resources and applications. It provides critical network functionality that supports the roll-out of next generation IP applications. And it is supported by new smarter, more dynamic network management capabilities. "Content Distribution/Delivery", "Application Acceleration", "Intelligent Network Services", "Application Infrastructure", "Dynamic Resource Allocation" and "Smart Bandwidth" are just some of the new concepts being developed in response to new requirements from IP network managers. And they are driving new classes of product features and service capabilities. Perhaps most importantly, this new smart infrastructure platform is being driven by commercial pressures and opportunities confronting managers of IP networks and services. As network planners look to maximize their investments in network infrastructure, increase their efficiencies and design/extend network platforms for new services, the imperatives behind their planning-to-implementation cycles increase. In turn, this puts new pressures on but creates new opportunities for providers of products and services. There's growing evidence that the dynamics of this vortex are bringing into question the way in which Internet standards get created - and whether they get created at all. Intelligent Network Infrastructure, Dynamic Network Management, Multi-layer solutions and challenges to the standards process are key topics being addressed by Judy Estrin of Packet Design and Charles Muirhead of Orchestream and iGabriel.Net in their keynotes at the upcoming iBAND conference. "Internet Infrastructure: Why We Can't Just Paint Over the Cracks" Judy Estrin, CEO , Packet Design, Inc. "Creating, provisioning and managing IP services under massive commercial pressures" Charles Muirhead, founder, Orchestream and iGabriel.Net This move towards more intelligent networks as the platform for new application services creates challenges and opportunities for network planners and business managers. How do you best manage and prioritize IP and application traffic? How do you scale your network and services? How do you measure performance and apply the results dynamically to the allocation of network resources. And how do you take advantage of new sophisticated content routing and management capabilities? The technologies, the trends, the twists and turns and the real business implications of these changes are all the focus of the iBAND conference and showcase, co-located with ISPCON, November 8-10. To learn more about the conference, the multi-vendor network showcase, Birds of a Feather sessions and participants, visit: http://www.stardust.com/iband Pioneers in this area include Agilent, Telseon and Orchestream. You can learn about theirs and other innovative vendor approaches on the exhibit floor at iBAND. If you'd like to sign up to attend the conference, please use code "IB01" We've also gatherered together a collection of resources and perspectives from industry experts for you. You can hear educational sessions given by experts from Cisco, Nortel, InterNAP, IXIA Communications, Deterministic Networks and Aventail. Interviews with pioneers offer even more perspective on these trends. Please note that this information will be available for a limited time only. http://events.stardust.com/iband/resources.htm Best regards, Jason Utz, iBAND at ISPCON & Stardust.com ** Removal Instructions ** If you do not wish to receive future updates from us, please reply to this message with REMOVE in the subject header. Your e-mail address will be promptly removed. --------------3235AEE33F19F4AEF39AE11B-- From owner-ietf-openproxy Mon Sep 11 22:47:58 2000 Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id WAA03585 for ietf-openproxy-bks; Mon, 11 Sep 2000 22:47:58 -0700 (PDT) Received: from dirty.research.bell-labs.com (dirty.research.bell-labs.com [204.178.16.6]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id WAA03581 for ; Mon, 11 Sep 2000 22:47:55 -0700 (PDT) Received: from bronx.dnrc.bell-labs.com ([135.180.160.8]) by dirty; Tue Sep 12 01:49:56 EDT 2000 Received: from bell-labs.com (dhcp9170.cs.bell-labs.com [135.104.9.170]) by bronx.dnrc.bell-labs.com (8.9.3/8.9.3) with ESMTP id BAA01805; Tue, 12 Sep 2000 01:49:54 -0400 (EDT) Message-ID: <39BDC3D3.4C3273C2@bell-labs.com> Date: Tue, 12 Sep 2000 01:49:07 -0400 From: Markus Hofmann X-Mailer: Mozilla 4.75 [en] (Windows NT 5.0; U) X-Accept-Language: en,de MIME-Version: 1.0 To: ietf-openproxy@imc.org CC: Markus Hofmann , Andre Beck Subject: Write up on Example Services Content-Type: multipart/mixed; boundary="------------331384117FC67BB6BEFF115C" Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: This is a multi-part message in MIME format. --------------331384117FC67BB6BEFF115C Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi, when we mentioned our internal notes on service examples in a proxy framework similar to EPSF during Michael's visit at Bell Labs last week, he suggested to forward the notes to the EPSF group for some discussion. So, please find attached a preliminary write-up describing some service examples. Please be aware that the document is NOT an official Internet draft. We put the document together in quite a hurry, just out of the heads - no extensive proofreading, nor checking of correct taxonomy. But it might be useful to have the write up at the workshop in San Jose. If the document is of interest to the group and we get some feedback, we will consider submitting an improved version as Internet draft. -Markus --------------331384117FC67BB6BEFF115C Content-Type: text/plain; charset=iso-8859-1; name="draft-hofmann-isfnep-00.txt" Content-Transfer-Encoding: 8bit Content-Disposition: inline; filename="draft-hofmann-isfnep-00.txt" Network Working Group M. Hofmann Internet Draft A. Beck Expires: February 11, 2001 Bell Laboratories Lucent Technologies Document: draft-hofmann-esfnep-00.txt September 11, 2000 Category: Informational Example Services for Network Edge Proxies draft-hofmann-esfnep-00.txt Status of this Memo This document is not an official Internet-Draft and is not (yet) in full conformance with all provisions of Section 10 of RFC2026 [1]. This document is a preliminary draft, prepared for informal discussion within the EPFSW group. Its purpose is solicitation for comments and feedback that will be helpful in preparing a final version for possible submission as Internet Draft. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet- Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Table of Contents 1 Introduction...................................................2 2 Content Adaptation for Alternate Web Access Devices............3 2.1 Abstract.....................................................3 2.2 Business model...............................................4 2.3 Technical Challenges.........................................4 3 Insertion of Ad Banners........................................4 3.1 Abstract.....................................................4 3.2 Business model...............................................5 3.3 Technical Challenges.........................................5 4 Insertion of Regional Data.....................................5 4.1 Abstract.....................................................5 4.2 Business model...............................................6 4.3 Technical Challenges.........................................6 Hofmann, Beck Expires February 11, 2001 1 Example Services for Network Edge Proxies September 2000 5 Language Translation...........................................6 5.1 Abstract.....................................................6 5.2 Business model...............................................7 5.3 Technical Challenges.........................................7 6 Bandwidth Adaptation...........................................7 6.1 Abstract.....................................................7 6.2 Business model...............................................8 6.3 Technical Challenges.........................................8 7 Virus Scanning.................................................8 7.1 Abstract.....................................................8 7.2 Business model...............................................8 7.3 Technical Challenges.........................................9 8 Content Adaptation for Alternate Browser Types.................9 8.1 Abstract.....................................................9 8.2 Business model..............................................10 8.3 Technical Challenges........................................10 9 Adaptation of Streaming Media.................................10 9.1 Abstract....................................................10 9.2 Business model..............................................10 9.3 Technical Challenges........................................10 10 Caching of Personalized/Customized Web Pages..................10 10.1 Abstract...................................................11 10.2 Business Model.............................................11 10.3 Technical Challenges.......................................11 11 Search Engine Index on Cached Web Pages.......................11 11.1 Abstract...................................................11 11.2 Business model.............................................12 11.3 Technical Challenges.......................................12 12 Request Filtering.............................................12 12.1 Abstract...................................................12 12.2 Business model.............................................12 12.3 Technical Challenges.......................................13 13 Request Filtering through Content Analysis....................13 13.1 Abstract...................................................13 13.2 Business model.............................................13 13.3 Technical Challenges.......................................13 14 Creation of Anonymous User Profiles...........................14 14.1 Abstract...................................................14 14.2 Business model.............................................14 14.3 Technical Challenges.......................................14 15 Author's Addresses............................................14 16 References....................................................16 1 Introduction The rapid growth of the Internet and the increasing number of Internet users have led to a wide deployment of network edge caching proxies. These systems have been very successful in accelerating Web content delivery and reducing the load on origin Web servers. Hofmann, Beck Expires February 11, 2001 2 Example Services for Network Edge Proxies September 2000 However, the specific role of these network edge caching proxies as a gateway between Web users and content providers suggests utilizing them for intelligent services beyond simple caching. There are already a variety of existing or proposed approaches that implement particular services on top of a proxy platform. ICAP [3] extends the basic idea of implementing value-added services on proxies by handling transport of web objects between proxies and content modification servers, thus, enabling remote call out mechanisms. EPSF [2] describes an extended framework to provide general services on top of an open proxy platform. This document discusses several service examples possibly being implemented on top of an open proxy platform as described in [2]. Each of the following service description consists of three subsections: a short abstract that describes the service idea, a description of the underlying business model, and finally a section that mentions technical challenges to be addressed when implementing these services. 2 Content Adaptation for Alternate Web Access Devices 2.1 Abstract Recently there has been an increasing diversity and heterogeneity in terms of the types of client devices and network connections that people use to access the Web. Especially cell phones and PDAs are being used more and more often to access the Internet. However, these appliances are characterized by relatively limited display capabilities, storage, processing power, as well as slow network access. As a result, Internet access is still constrained on these devices and users are limited to only a small fraction of the total number of Web pages available in the Internet today. Users of non- desktop access devices can only view those pages that have been adapted to the specific limitations of the access device the user holds. Since the number of different access devices is growing constantly content providers cannot be expected to provide different versions of their Web pages for each and every Web access device that is available in the market. Therefore it seems reasonable to adapt the general full-fledged Web pages at some point on their way from the origin server to the user so that they are optimized for (or at least adapted to) the end users� specific requirements. Possible adaptations to meet the special requirements of different Web access devices are: - Conversion of HTML pages to WML (Wireless Markup Language) pages - Conversion of JPEG images to black and white GIF images - Conversion of HTML tables to plain text - Reduction of image quality Hofmann, Beck Expires February 11, 2001 3 Example Services for Network Edge Proxies September 2000 - Removal of redundant information - Stripping of Java applets / JavaScript - Audio to text conversion - Video to key frame or video to text conversion - Content extraction 2.2 Business model With the above-mentioned service in place, Web content providers could reach a much wider audience and the manufactures of novel Web access devices could offer potential customers access to a bigger part of the Internet content, which should make a very good selling point. It would encourage more people to buy non-desktop Web access devices like cell phones and PDAs. Once installed this service can be offered as an additional feature to ISP customers who want to access the Web through different Web- enabled devices. Also, content providers might be willing to pay for this service if that meant that they could serve their existing content to more users. 2.3 Technical Challenges We have to ensure that the automatic adaptation process will not make changes to a Web page that are unwanted by either the content provider or the recipient. One approach to achieve this would be to allow the content provider as well as the client to define their preferences as to how they want Web pages to be adapted. The actual adaptation decisions would then be made based on the given preferences and a set of transformation rules. If neither the content provider nor the client has expressed his preferences, it would probably be best to not adapt the requested Web page. If we wanted to allow the Web users and content providers to express their preferences, we would have to find a way of doing this. ISP customers could set their preferences through a Web interface on the ISP Web site. Content providers could express their preferences by adding meta tags to their Web pages. The content provider could for instance offer the content adaptation server a number of alternatives and the content adaptation server could then pick the most appropriate one. The drawback would be the increase in size of Web pages. Another possibility for the content provider would be to provide an adaptation policy to all ISPs that want to adapt Web pages for alternate Web access devices. This policy could consist of general transformation rules or actual code modules that perform the adaptation. 3 Insertion of Ad Banners 3.1 Abstract Hofmann, Beck Expires February 11, 2001 4 Example Services for Network Edge Proxies September 2000 Many Internet companies rely heavily on revenue made by selling advertisement space on their Web pages. In fact, nearly all commercial Web sites have one or more ad banners on their Web pages. Whenever advertisement banners are inserted dynamically depending on who requests the page, they cannot be cached, even when the content of the page itself is static. This behavior prevents Web pages from being cached, although their static content would allow for it. Therefore it seems reasonable to cache the static part of those Web pages at a caching proxy near the client and to insert ad banners into the cached Web pages before serving them to the client. 3.2 Business model This service could be sold to Internet advertising networks. They could profit from less traffic on their own Web servers by distributing the banner images to caching proxies. Also, content providers who do not want to outsource their ad space management and sales might be interested in providing banner images and insertion rules to proxies/content adaptation servers to accelerate the delivery of their Web pages. Recently there have also been a number of ISPs that offer free Internet access to customers. These so-called Free ISPs usually provide Internet access through a special kind of software that displays ad banners on the customers� desktops whenever they are online. An ad insertion module at the caching proxy of the Free ISP could insert ad banners (in addition to any ad banners from the content provider) into every Web page requested by a customer. That way the customers of the Free ISP will not have to install any special software in order to use its service. 3.3 Technical Challenges The caching proxy would have to recognize when and where to insert ad banners into a Web page before serving it to the client. The proxy could for instance scan the Web page for a specific marking (e.g. a special tag). In the case of a Free ISP ad banners would probably always be inserted at the same position (e.g. in a frame at the top of each page) or in a separate pop-up window. If we wanted to insert advertisements based on the user and his interests, we would have to identify the user (by using cookies for example) and create user profiles. The user profiles could also be provided by the content provider. 4 Insertion of Regional Data 4.1 Abstract If a content provider wants to add user-specific regional information (weather forecasts for certain areas for example) to his Hofmann, Beck Expires February 11, 2001 5 Example Services for Network Edge Proxies September 2000 Web pages, he has little choice but to have the user select his location from a list of regions. Usually it is not possible for origin servers to reliably detect from where Web users connect to Web sites because user requests can get routed through a number of proxy servers on their way from the client to the origin server. In a network edge caching proxy environment user requests are usually redirected to the nearest proxy that is available to respond to the request. Regional information that is relevant to all users who are likely to connect to a certain proxy could be stored at the corresponding caching proxy. Whenever the proxy receives a user request, a module on the caching proxy could insert the regional information into the requested Web page. If the Web page does not contain any user-specific non-cacheable content other than the inserted regional information, the Web page content can now be cached for future requests. 4.2 Business model This service could be sold to content providers who want to offer regional information on their Web sites and want to accelerate the delivery of their Web content. There are many cases in which a content provider could profit from knowing the location of the user. Users could be targeted with regional advertisement banners (see also ad insertion scenario). Regional distinctions (e.g. sales taxes, differing laws etc.) could be taken into consideration when the Web pages are prepared for the client. It would not be necessary any more to ask the user for his location prior to presenting him relevant information. 4.3 Technical Challenges The regional content that is to be inserted into the Web pages would have to be distributed to the corresponding caching proxies. Since the regional content represents only a component of a whole Web page, it cannot be cached in the same way a complete Web page can be cached (unless it is an image). We have to find a mechanism to determine when a regional text component needs to be updated (or if the content provider should be responsible for this). 5 Language Translation 5.1 Abstract Soon the majority of all Internet users will be non-English speaking. As most of the current Web content is written in English, it becomes desirable to be able to translate the English content to the Web user�s local language, even if the content provider does not offer translations of his Web content. An automatic translation service for all Web pages could be implemented with an IPWorX content adaptation server. Hofmann, Beck Expires February 11, 2001 6 Example Services for Network Edge Proxies September 2000 The proxy server will recognize the Web user's native language and ask whether the foreign content requested should be translated into the user's native language. If the content is to be translated, the proxy will forward the Web content to a translation server where the page then is automatically translated. The proxy could also locally store translated content eliminating the need to repeat translations for different users. 5.2 Business model The automatic language service will help break language barriers and open new markets for e-commerce. The average non-English speaking Web user will have access to more Web content. ISPs, especially those with customers in non-English speaking countries, could offer this service to their customers. 5.3 Technical Challenges The automatic translation of text found on Web pages is not a trivial task. It will not be possible to translate a Web page automatically without running the risk of rendering parts of it incomprehensible. Worse yet, the original meaning could be changed and it is not said the reader of the translated page will notice the change in meaning. It is questionable whether content providers would even tolerate this kind of translation service. Therefore it is very important that the client authorizes this translation service and is fully aware of its potentially faulty behavior. It should also be considered to mark translated pages in a specific way to remind the user of the machine translation. Other technical challenges include the automatic detection of the language used in the original document and the client�s local language. 6 Bandwidth Adaptation 6.1 Abstract Today, Internet users can choose from a wide variety of Internet connection speeds. Therefore it seems desirable to adapt the requested Web content to the user�s bandwidth. Possible adaptations to reduce the size of Web objects are: - Reduction of image quality - Replacement of images by their ALT text - Removal of redundant information - Removal of HTML comments - Stripping of Java applets / JavaScript - Audio to text conversion - Video to key frame or video to text conversion Hofmann, Beck Expires February 11, 2001 7 Example Services for Network Edge Proxies September 2000 - Text summarizing - Content extraction 6.2 Business model One of the main benefits is to decrease the Web access time for users. If a Web site loads too slowly, users tend to leave the site even before it has completed loading the home page. The improved perceived quality of service by adaptive content delivery means that users are more likely to stay and return, thus resulting in a greater profit for e-commerce sites. This can also result in higher hit rates and return rates, which can lead to higher sales for e- commerce sites and higher advertising revenues. 6.3 Technical Challenges We would have to find a reliable way of measuring the bandwidth between the client and the proxy cache. One way of doing this would be to measure the round trip time (RTT) to determine the connection speed. It is crucial that this bandwidth detection method works more or less exact or otherwise the client will either experience very slow Web browsing or be cut off of some (or all) of the rich Web content. This service requires authorization by the user like any other adaptation service that changes the content and or format of Web pages. The mapping of a user�s connection speed to appropriate page adaptations requires defining a set of adaptation rules. 7 Virus Scanning 7.1 Abstract Viruses, Trojan Horses, and worms have always posed a threat to Internet users. Just recently we have seen a number of e-mail based worms that have hit millions of Internet users worldwide within a few hours. With the help of a content scanning and filtering system at the caching proxy level, Web pages and also file transfers could be scanned for malicious content prior to sending them to the user. In Web pages active content like ActiveX, Java and JavaScript could be scanned for harmful code (e.g. code exploiting security holes). File transfers could be scanned for known viruses. If a virus is found, the adaptation server could try to remove it or deny the delivery of the infected content. A general rule could be that the caching proxy may store and/or deliver content only, if it has been scanned by the content adaptation server and no viruses are found. 7.2 Business model Hofmann, Beck Expires February 11, 2001 8 Example Services for Network Edge Proxies September 2000 This service could be offered as an additional feature to ISP customers who are concerned about security issues. Likewise enterprises could be interested in this solution to prevent any malicious content from entering the company network. 7.3 Technical Challenges Web pages/files should be scanned for viruses by sending them to a separate server where virus-scanning software would analyze them. That way the virus scanning operations will not affect the performance of the caching proxy. If HTTP file transfers are to be scanned for viruses and the requested file cannot be found in the cache, we have to use a different approach than for Web pages. It would not be feasible, if the proxy waited for the requested file to be received completely before sending it over to the content adaptation server for the virus scan. This approach would lead to a long delay at the user�s end, which is not acceptable. Instead, we would have to scan the file transfer continuously, as it is being sent to the user (similar to streaming media). 8 Content Adaptation for Alternate Browser Types 8.1 Abstract The two commonly used Web browsers � Microsoft Internet Explorer and Netscape Navigator � both have proprietary extensions that are not part of any Web standard, but are yet widely used and considered essential by many Web page authors. As these proprietary extensions differ between the Internet Explorer and the Navigator (and even between different browser versions), Web pages have to be adapted in order to work well with both browsers. In the past this has been achieved by either writing two or more versions of the same page or by adding JavaScript to the Web page to alter the page at the client depending on what browser type and version the user is running. Although the Internet Explorer is used by far more users than any other browser type, there is still a substantial number of people who want to or must (UNIX) use alternative browser types. Yet, not all service providers write their Web pages so that they can be viewed with different browser types. A content adaptation module at the caching proxy could provide a remedy for this problem. Prior to serving a page (from the cache or the origin server) to the client, the proxy would send it to the adaptation module along with some client information (browser type and OS) received with the request. The content adaptation module would then make the necessary changes to the page to adapt it to the user�s browser type and send it back to the proxy from where it is served to the client. Hofmann, Beck Expires February 11, 2001 9 Example Services for Network Edge Proxies September 2000 8.2 Business model This service could be offered to ISPs who in turn could offer their customers a browser adaptation service. They could be sure to always receive pages that are optimized for their browser types. The customer should have the option to turn this service off at any time. This approach has the potential of leading to objections by content providers as they lose control over the final layout of their pages. Allowing for a mechanism to mark pages that are not to be touched by the content adaptation server could reduce these concerns. 8.3 Technical Challenges We would have to find general rules of how to convert pages. In order to do this we would have to identify all incompatibilities between the supported browser types and different versions thereof. These rules would have to be fail-safe, especially when they are applied to all requested pages without the page owner�s approval. We would have to recognize if a page contains JavaScript to adapt it to different browser types. If that should be the case, we could either remove the JavaScript and optimize the page for the client�s browser type or leave the page unchanged. 9 Adaptation of Streaming Media 9.1 Abstract Some of the above-mentioned services could not only be applied to Web pages but also to streaming media like audio and video streams. In particular, media streams could be adapted to meet the bandwidth of the user�s connection. It would also be possible to insert pre- recorded advertisements into audio or video streams. Even content analysis and content filtering could be applied to streaming media. 9.2 Business model The business models for streaming media adaptation are similar to those for Web page adaptation services. 9.3 Technical Challenges The adaptation of streaming media will add more complexity to the caching proxy platform and the technical challenges of these kind of services have yet to be explored. 10 Caching of Personalized/Customized Web Pages Hofmann, Beck Expires February 11, 2001 10 Example Services for Network Edge Proxies September 2000 10.1 Abstract Many Web sites (e.g. Yahoo) offer a service where users can create their own personalized version of the Web site (e.g. MyYahoo). It basically means that a user can choose from a number of components (e.g. stock information, weather forecasts, news etc.) and create a personalized Web page with them. This leads to dynamic Web pages that usually cannot be cached. If, however, the components of the personalized Web page could be cached, then it would be possible to have a service module on the server create the user-specific Web pages by assembling the cached Web site components. In that case the origin server would not have to be contacted again and the page could be served to the client directly from the network edge caching proxy. 10.2 Business Model This service would be another method of accelerating the delivery of Web content to the user, particularly the delivery of personalized/customized Web pages that would not be cacheable otherwise. Content providers who offer their customers the possibility of personalizing their Web pages are likely to be willing to pay for this kind of service. 10.3 Technical Challenges We would have to find a caching mechanism for the separate components of the personalized Web pages (unless a component consists of an image only). These components could be stored at the caching proxy. The page components would have to be refreshed just like complete Web page whenever they become stale. 11 Search Engine Index on Cached Web Pages 11.1 Abstract A proxy usually contains the most frequently requested Web pages of the Web users whose Web requests are routed through it. If we indexed the content of all Web pages currently contained in one or more proxies, we would have an index of Web pages that Web users are very likely to request (since they have been the most popular in the past). A search engine based on this index could therefore yield a high hit rate when used by a group of users who have similar interests and usually connect to the same caching proxies. The benefit of this approach would be that the index could be created very fast (there is no Web crawling to do) and that the search results could be returned to the user directly from the network edge caching proxy. The drawback, however, is that this search engine Hofmann, Beck Expires February 11, 2001 11 Example Services for Network Edge Proxies September 2000 would index only a small fraction of the existing Web pages. Web users have to be aware of this fact when they use the cache-based search index service. Another approach would be to display the proxy search results first while a global search engine prepares the results of a global search in the meantime. As soon as the global search results become available, they will be sent to the user. 11.2 Business model The search engine service described above could be sold to big companies who have users with similar interests and want to provide a fast search engine. Companies offering traditional search engines could be interested in combining their services with a cache-based search engine service to accelerate the delivery of their search results. 11.3 Technical Challenges If the cached Web pages of more than one caching proxy were to be indexed, we would have to find a way of replicating the search index to all affected caching proxy servers. 12 Request Filtering 12.1 Abstract The success of Web filtering/blocking systems like NetNanny (http://www.netnanny.com) and WebSense (http://www.websense.com) shows that there is a great need for solutions that let the owner of a Web access device control what kind of Web content can be accessed with his device. Parents, for instance, often demand a means of blocking off offending material when their children browse the Web. Also, companies might want to have control over what kind of Web pages their employees can have access to. Companies might also want to prevent their employees from using the available bandwidth excessively for non-work related activities. A request filtering service could provide a solution for all of the above. If all Web page requests of a specific user are routed through a caching proxy server, the content adaptation server could analyze the requests prior to fulfilling them. The service module would have to identify the user and determine the user�s access level. The next step would be to look up the classification of the requested Web page in a database. 12.2 Business model This service could be offered to enterprises and to ISPs. A database of Web pages that contain offending material could be obtained from companies that have specialized in Web blocking systems. Hofmann, Beck Expires February 11, 2001 12 Example Services for Network Edge Proxies September 2000 12.3 Technical Challenges The database on the proxy caching platform that contains the Web page classifications needs to be updated on a regular basis. If the database is provided by third parties, we have to provide them with a secure way of updating the database. If a Web access device is shared among different users who have different access levels, it is not sufficient to identify the Web access device. Therefore it will probably be necessary that different users of a Web access device use different user accounts. The owner of a Web access device must be able to define and change the access rights of the user(s) of his device. This could be done through a Web interface provided by the ISP/company. 13 Request Filtering through Content Analysis 13.1 Abstract While this service is very similar to the one previously described, it works more dynamically in that the content adaptation server analyzes the Web content once it has been retrieved from either the proxy cache or the origin server prior to sending it to the client. Through the use of sophisticated content analysis algorithms it should be possible to classify the analyzed Web content. If the classification of the Web page matches the user�s access level, the page will be delivered to the client. Otherwise, the client will be denied the page. The analyzed page along with its classification should be stored in the proxy cache so that future requests for the same page do not require the cached Web to be analyzed again. This will result in a better Web page delivery performance for popular Web pages. The main benefit of this approach is that there is no need to provide or maintain lists of forbidden Web sites, a process that per definition must always lag behind the creation of new Web sites. If common characteristics of a category of unwanted Web pages can be defined, it should be possible to automatically detect whether a requested Web page falls in a forbidden category. 13.2 Business model This service could be offered to enterprises and ISPs. The content analysis software could be obtained from software companies that have specialized in this field. 13.3 Technical Challenges In addition to the technical challenges described in the previous service scenario, we would have to find a way of storing the classification information of Web pages once they have been analyzed. One way to do this would be to add a meta tag (possibly using the Resource Description Framework (RDF, Hofmann, Beck Expires February 11, 2001 13 Example Services for Network Edge Proxies September 2000 http://www.w3.org/RDF) specification) with content rating information to a Web page before it is cached. Subsequent requests of the same Web page would then require the request filtering service module to scan the cached Web page for this metadata in order to determine the content rating of the requested page. 14 Creation of Anonymous User Profiles 14.1 Abstract If all Web requests of a certain Web user were routed through a certain caching proxy platform, it would be easy to log them in order to create a profile of the user�s Web browsing behavior. These user profiles could be created anonymously with no personal data (e.g. name or e-mail address) stored in the access log files. Once a sufficient number of requests has been logged by the content adaptation server, we could start analyzing the log files. In most cases it should be possible to derive the user�s interests by analyzing what kind of Web sites the user visits and how often he goes there. 14.2 Business model Companies that want to advertise on Web pages are very interested in knowing more about the recipients of their advertisement campaigns so that they can target their advertisements at people who are interested in the kind of products/services that the company wants to sell. These companies are also willing to pay for information that can help them targeting their campaigns at interested users. As explained above, we could derive the user�s interests from his Web browsing behavior and use this information to send the user only those advertisements that match his interests/needs. This will most likely result in a higher ad banner click-rate per user. This service could be sold separately or in combination with the ad insertion service. 14.3 Technical Challenges The creation of anonymous user profiles requires a mechanism to identify Web users. The ISP could provide a mapping from the user�s (possibly dynamic) IP number to some unique user ID. Another alternative would be to use cookies, provided that the user has not disabled them in his Web browser. 15 Author's Addresses Markus Hofmann Hofmann, Beck Expires February 11, 2001 14 Example Services for Network Edge Proxies September 2000 Bell Labs/Lucent Technologies 101 Crawfords Corner Rd. Holmdel, NJ 07733 Phone: (732) 332-5983 Email: hofmann@bell-labs.com Andre Beck Bell Labs/Lucent Technologies 101 Crawfords Corner Rd. Holmdel, NJ 07733 Phone: (732) 949-1241 Email: abeck@bell-labs.com Hofmann, Beck Expires February 11, 2001 15 Example Services for Network Edge Proxies September 2000 Full Copyright Statement Copyright (C) Lucent Technologies 2000. All Rights Reserved. Copyright will be adjusted when document is submitted as Internet Draft. 16 References 1 Bradner, S., "The Internet Standards Process -- Revision 3", BCP 9, RFC 2026, October 1996. 2 Tomlinson G., Orman H., Condry M., Kempf J. and Farber D., "Extensible Proxy services Framework�, Internet-Draft draft- tomlinson-epsfw-00.txt, work in progress, July 2000. 3 Elson J., Martin J., Sharp E., Schuster J. Cerpa A., Danzig P., Neerdaels C. and Tomlinson G., "ICAP, the Internet Content Adaptation Protocol", external Reference http://www.i- cap.org/icap_v1-25.txt, work in progress, January 2000. Hofmann, Beck Expires February 11, 2001 16 --------------331384117FC67BB6BEFF115C-- From owner-ietf-openproxy Tue Sep 12 09:39:32 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id JAA25338 for ietf-openproxy-bks; Tue, 12 Sep 2000 09:39:32 -0700 (PDT) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id JAA25334 for ; Tue, 12 Sep 2000 09:39:31 -0700 (PDT) Received: from sunmail1.Sun.COM ([129.145.1.2]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id JAA29890 for ; Tue, 12 Sep 2000 09:41:36 -0700 (PDT) Received: from jurassic.eng.sun.com (jurassic.Eng.Sun.COM [129.146.82.166]) by sunmail1.Sun.COM (8.9.1b+Sun/8.9.1/ENSMAIL,v1.6.1-sunmail1) with ESMTP id JAA09368 for ; Tue, 12 Sep 2000 09:41:35 -0700 (PDT) Received: from viper (viper.Eng.Sun.COM [129.146.88.132]) by jurassic.eng.sun.com (8.11.1.Beta0+Sun/8.11.1.Beta0) with SMTP id e8CGfYJ902764 for ; Tue, 12 Sep 2000 09:41:34 -0700 (PDT) Message-Id: <200009121641.e8CGfYJ902764@jurassic.eng.sun.com> Date: Tue, 12 Sep 2000 09:42:21 -0700 (PDT) From: Michael Condry Reply-To: Michael Condry Subject: Workshop To: ietf-openproxy@imc.org MIME-Version: 1.0 Content-Type: TEXT/plain; charset=us-ascii Content-MD5: GunVpc3pxdm/C/sHNl7vqQ== X-Mailer: dtmail 1.3.0 @(#)CDE Version 1.4 SunOS 5.8 sun4u sparc Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: It will start at 9am Be sure and tell Juanita if you are comming to dinner (if you have not already) I will get an agenda out this afternoon. From owner-ietf-openproxy Tue Sep 12 12:27:28 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id MAA29559 for ietf-openproxy-bks; Tue, 12 Sep 2000 12:27:28 -0700 (PDT) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id MAA29554 for ; Tue, 12 Sep 2000 12:27:26 -0700 (PDT) Received: from sunmail1.Sun.COM ([129.145.1.2]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id MAA16185 for ; Tue, 12 Sep 2000 12:29:33 -0700 (PDT) Received: from jurassic.eng.sun.com (jurassic.Eng.Sun.COM [129.146.84.31]) by sunmail1.Sun.COM (8.9.1b+Sun/8.9.1/ENSMAIL,v1.6.1-sunmail1) with ESMTP id MAA01462 for ; Tue, 12 Sep 2000 12:29:31 -0700 (PDT) Received: from viper (viper.Eng.Sun.COM [129.146.88.132]) by jurassic.eng.sun.com (8.11.1.Beta0+Sun/8.11.1.Beta0) with SMTP id e8CJTSJ939655 for ; Tue, 12 Sep 2000 12:29:29 -0700 (PDT) Message-Id: <200009121929.e8CJTSJ939655@jurassic.eng.sun.com> Date: Tue, 12 Sep 2000 12:30:15 -0700 (PDT) From: Michael Condry Reply-To: Michael Condry Subject: Extended Proxy Workshop Agenda, September 13th To: ietf-openproxy@imc.org MIME-Version: 1.0 Content-Type: TEXT/plain; charset=us-ascii Content-MD5: 4oSgZ2dDLaP2V+eqx0wwSA== X-Mailer: dtmail 1.3.0 @(#)CDE Version 1.4 SunOS 5.8 sun4u sparc Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: 8:00-9:00 am Continental Breakfast 9:00 Introduction - Michael Condry and Hilarie Orman 9:30 Use Cases Extenisble Proxy Use Case - Michael Condry Example Services for Network Edge Proxies - Markus Hofmann Active Names - Michael Dahlin 10:30 Break 11:00 Security Administration Security - Jim Kempf Active Net Security Model - Steve Schwab 12:00 Lunch 1:15 Content Panel - Alex Shah, Michael Speer, Sunil Cherian, Jeff Suttor 2:15 Architecture funnelWeb - Application Layer Active Networking - Atanu Ghosh Architecture - Sandeep Sibal 3:00 Break 3:35 Architecture - continued Rule Evaluation Model - Dave Farber Specification Methods for Dynamic Services - Micah Beck 4:30 Plans and Discussions 5:15 Adjourn From owner-ietf-openproxy Tue Sep 12 14:45:25 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id OAA02474 for ietf-openproxy-bks; Tue, 12 Sep 2000 14:45:25 -0700 (PDT) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id OAA02470 for ; Tue, 12 Sep 2000 14:45:24 -0700 (PDT) Received: from sunmail1.Sun.COM ([129.145.1.2]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id OAA11010 for ; Tue, 12 Sep 2000 14:47:31 -0700 (PDT) Received: from jurassic.eng.sun.com (jurassic.Eng.Sun.COM [129.146.88.31]) by sunmail1.Sun.COM (8.9.1b+Sun/8.9.1/ENSMAIL,v1.6.1-sunmail1) with ESMTP id OAA12047 for ; Tue, 12 Sep 2000 14:47:30 -0700 (PDT) Received: from viper (viper.Eng.Sun.COM [129.146.88.132]) by jurassic.eng.sun.com (8.11.1.Beta0+Sun/8.11.1.Beta0) with SMTP id e8CLlSJ960376 for ; Tue, 12 Sep 2000 14:47:28 -0700 (PDT) Message-Id: <200009122147.e8CLlSJ960376@jurassic.eng.sun.com> Date: Tue, 12 Sep 2000 14:48:14 -0700 (PDT) From: Michael Condry Reply-To: Michael Condry Subject: Corrected Agenda To: ietf-openproxy@imc.org MIME-Version: 1.0 Content-Type: TEXT/plain; charset=us-ascii Content-MD5: 8oLl0j9ccsbi6InVI4GmyA== X-Mailer: dtmail 1.3.0 @(#)CDE Version 1.4 SunOS 5.8 sun4u sparc Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Workshop Agenda 8:00-9:00 am Continental Breakfast 9:00 Introduction - Michael Condry and Hilarie Orman 9:30 Use Cases Extenisble Proxy Use Case - Michael Condry Example Services for Network Edge Proxies - Markus Hofmann Active Names - Michael Dahlin 10:30 Break 11:00 Security Administration Security - Jim Kempf Active Net Security Model - Steve Schwab 12:00 Lunch 1:15 Content Panel - Alex Shah, Michael Speer, Sunil Cherian, Jeff Suttor 2:15 Architecture funnelWeb - Application Layer Active Networking - Atanu Ghosh Specification Methods for Dynamic Services - Micah Beck 3:00 Break 3:35 Architecture - continued Rule Evaluation Disussion - Dave Farber 4:30 Plans and Discussions 5:15 Adjourn From owner-ietf-openproxy Tue Sep 12 14:54:31 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id OAA02622 for ietf-openproxy-bks; Tue, 12 Sep 2000 14:54:31 -0700 (PDT) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id OAA02618 for ; Tue, 12 Sep 2000 14:54:30 -0700 (PDT) Received: from sunmail1.Sun.COM ([129.145.1.2]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id OAA14572 for ; Tue, 12 Sep 2000 14:56:39 -0700 (PDT) Received: from jurassic.eng.sun.com (jurassic.Eng.Sun.COM [129.146.87.31]) by sunmail1.Sun.COM (8.9.1b+Sun/8.9.1/ENSMAIL,v1.6.1-sunmail1) with ESMTP id OAA14908 for ; Tue, 12 Sep 2000 14:56:38 -0700 (PDT) Received: from viper (viper.Eng.Sun.COM [129.146.88.132]) by jurassic.eng.sun.com (8.11.1.Beta0+Sun/8.11.1.Beta0) with SMTP id e8CLuaJ962320 for ; Tue, 12 Sep 2000 14:56:36 -0700 (PDT) Message-Id: <200009122156.e8CLuaJ962320@jurassic.eng.sun.com> Date: Tue, 12 Sep 2000 14:57:22 -0700 (PDT) From: Michael Condry Reply-To: Michael Condry Subject: Agenda - a few more corrections To: ietf-openproxy@imc.org MIME-Version: 1.0 Content-Type: TEXT/plain; charset=us-ascii Content-MD5: yKmvjX6knSGw9gSFpnUZuA== X-Mailer: dtmail 1.3.0 @(#)CDE Version 1.4 SunOS 5.8 sun4u sparc Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Workshop Agenda 8:00-9:00 am Continental Breakfast 9:00 Introduction - Michael Condry and Hilarie Orman 9:30 Use Cases Extenisble Proxy Use Case - Michael Condry mminet++ - A Platform for Content Delivery and Enhanced Services- Markus Hofmann, A. Beck Active Names - Michael Dahlin 10:30 Break 11:00 Security Administration Security - Jim Kempf Active Net Security Model - Steve Schwab 12:00 Lunch 1:15 Content Panel - Alex Shah, Michael Speer, Sunil Cherian, Jeff Suttor 2:15 Architecture funnelWeb - Application Layer Active Networking - Atanu Ghosh Specification Methods for Dynamic Services - Micah Beck 3:00 Break 3:35 Architecture - continued Rule Evaluation Disussion - Dave Farber 4:30 Plans and Discussions 5:15 Adjourn From owner-ietf-openproxy Tue Sep 12 15:04:30 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id PAA02977 for ietf-openproxy-bks; Tue, 12 Sep 2000 15:04:30 -0700 (PDT) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id PAA02973 for ; Tue, 12 Sep 2000 15:04:29 -0700 (PDT) Received: from sunmail1.Sun.COM ([129.145.1.2]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id PAA18375 for ; Tue, 12 Sep 2000 15:06:37 -0700 (PDT) Received: from jurassic.eng.sun.com (jurassic.Eng.Sun.COM [129.146.81.144]) by sunmail1.Sun.COM (8.9.1b+Sun/8.9.1/ENSMAIL,v1.6.1-sunmail1) with ESMTP id PAA17760 for ; Tue, 12 Sep 2000 15:06:37 -0700 (PDT) Received: from viper (viper.Eng.Sun.COM [129.146.88.132]) by jurassic.eng.sun.com (8.11.1.Beta0+Sun/8.11.1.Beta0) with SMTP id e8CM6aJ964355 for ; Tue, 12 Sep 2000 15:06:36 -0700 (PDT) Message-Id: <200009122206.e8CM6aJ964355@jurassic.eng.sun.com> Date: Tue, 12 Sep 2000 15:07:23 -0700 (PDT) From: Michael Condry Reply-To: Michael Condry Subject: Sorry about agenda corrections.... To: ietf-openproxy@imc.org MIME-Version: 1.0 Content-Type: TEXT/plain; charset=us-ascii Content-MD5: THqgiiTDf3ODvwxWcKucSw== X-Mailer: dtmail 1.3.0 @(#)CDE Version 1.4 SunOS 5.8 sun4u sparc Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: I hope this is the last Workshop Agenda 8:00-9:00 am Continental Breakfast 9:00 Introduction - Michael Condry and Hilarie Orman 9:30 Use Cases Extenisble Proxy Use Case - Michael Condry mminet++ - A Platform for Content Delivery and Enhanced Services- Markus Hofmann, A. Beck Active Names - Michael Dahlin 10:30 Break 11:00 Security Network AAA for Proxy Mediated Services - Jim Kempf Active Net Security Model - Steve Schwab 12:00 Lunch 1:15 Content Panel - Alex Shah, Michael Speer, Sunil Cherian, Jeff Suttor 2:15 Architecture funnelWeb - Application Layer Active Networking - Atanu Ghosh Specification Methods for Dynamic Services - Micah Beck 3:00 Break 3:35 Architecture - continued Rule Evaluation Disussion - Dave Farber 4:30 Plans and Discussions 5:15 Adjourn From owner-ietf-openproxy Fri Sep 15 08:35:42 2000 Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id IAA25089 for ietf-openproxy-bks; Fri, 15 Sep 2000 08:35:42 -0700 (PDT) Received: from crufty.research.bell-labs.com (crufty.research.bell-labs.com [204.178.16.49]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id IAA25084 for ; Fri, 15 Sep 2000 08:35:40 -0700 (PDT) Received: from bronx.dnrc.bell-labs.com ([135.180.160.8]) by crufty; Fri Sep 15 11:37:57 EDT 2000 Received: from bell-labs.com (apache [135.180.160.86]) by bronx.dnrc.bell-labs.com (8.9.3/8.9.3) with ESMTP id LAA14890; Fri, 15 Sep 2000 11:37:55 -0400 (EDT) Message-ID: <39C24255.25CE4F59@bell-labs.com> Date: Fri, 15 Sep 2000 11:37:57 -0400 From: Markus Hofmann Organization: Bell Labs Research, USA X-Mailer: Mozilla 4.75 [en] (WinNT; U) X-Accept-Language: en,de-DE MIME-Version: 1.0 To: ietf-openproxy@imc.org CC: Markus Hofmann Subject: Rules and rule sets Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Hi, Michael asked me to send the thoughts on rules and rule sets to the mailing list for further discussion. So, here they are: (1) As written in the draft, wildcards are essential to specify rules. (2) Possible actions for a rule are not only "call proxylet" and "remote call-out", but also an action like "do NOT do that", thus overwriting a possible wildcard rule. We refer to such rules as "negative rules". Example: An ISP has installed a wildcard rule that forwards all client requests to a remote call-out server (e.g. for filtering). Now, if one specific client keeps complaining about the new service, the ISP might not want to shut down the new service for all clients, but only for this specific one => use a negative rule. Other examples include scenarios in which you want to execute a service for all URLs except for some specific ones (e.g. do adaptation for all URLs except for the URLs from content providers that threat with suing you :) (3) If multiple rules fire on a single message, the ordering of rules becomes very important. Example: two rules fire on a single message, e.g. a rule for language translation and a rule for ad insertion. In which order should the rules fire? You might want to do the ad insertion first, followed by the translation (or vice versa). (4) Given that ordering of rules is important - who is reponsible for the ordering of rules? According to the draft, rules can be installed by different parties. Imagine that the above mentioned rule for language translation and for ad insertion are from different parties. Which party defines the ordering of rules? There might be conflicts!!! A single instance for receiving, installing and defining the order of rules might be a good idea (e.g. the administrator of the proxy/cache). Of course, one might also think about mechanisms to specify dependencies of rules..., but... (5) My feeling is that rules should NOT be too complex. Simple rules looking at basic message properties that are common to most rules should be sufficient. More enhanced "filtering" and "rule matching" should be done in the proxylets. For example, we've implemented a simple rule set only looking at the source address and the destination URL of a request. If there's a match, the associated action will be executed, for example calling a proxylet. The proxylet itself can now do more enhanced filtering, for example, checking the language preferences of the user in order to determine whether the response has to be translated. (6) Somehow related to the above item: Message properties to be extracted by the message parser do NOT only depend on the protocol, but also on the rules that have been installed. Potentially, every single line of an HTTP header can be of interest for a rule. So, do you want to extract all HTTP header fields in the parser? According to (5), one could define some HTTP header fields that are of interest to most rules, extract them in the message parser, match rules (i.e. rules are also restricted to these fields) and than forward the message to a proxylet, for example. The proxylet can now further examine the message and check the header fields that are of specific interest. The cost, however, is more parsing overhead... We will keep working on our rule set implementation to see whether it can meet the requirements of the services we have in mind. We would be very interested in more detailed discussion, your comments, thougts, feedback, so that we together can come up with a common and open solution that works for all of us. Please let us know if you're interested in that issue so that we can work together on that. -Markus From owner-ietf-openproxy Sun Sep 17 21:23:13 2000 Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id VAA25352 for ietf-openproxy-bks; Sun, 17 Sep 2000 21:23:13 -0700 (PDT) Received: from lukla.Sun.COM (lukla.Sun.COM [192.18.98.31]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id VAA25348 for ; Sun, 17 Sep 2000 21:23:11 -0700 (PDT) Received: from centralmail1.Central.Sun.COM ([129.147.62.10]) by lukla.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id WAA21441; Sun, 17 Sep 2000 22:25:45 -0600 (MDT) Received: from esun1as-mm. (esun1as-mm.Central.Sun.COM [129.147.34.144]) by centralmail1.Central.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v1.7) with SMTP id WAA26895; Sun, 17 Sep 2000 22:25:45 -0600 (MDT) Received: from condry.org by esun1as-mm. (SMI-8.6/SMI-SVR4) id WAA11173; Sun, 17 Sep 2000 22:32:37 -0600 Message-ID: <39C5981A.1DD72DB6@condry.org> Date: Sun, 17 Sep 2000 21:20:42 -0700 From: "Michael W. Condry" X-Mailer: Mozilla 4.73 [en] (Win98; U) X-Accept-Language: en,pdf,zh,zh-CN MIME-Version: 1.0 To: epsfw@sun.com, condry@condry.org, ietf-openproxy@imc.org Subject: EPSFW Workshop Followup Content-Type: multipart/mixed; boundary="------------4B5B067EF54F4264A20F43F1" Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: This is a multi-part message in MIME format. --------------4B5B067EF54F4264A20F43F1 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit After our EPSFW workshop I have some notes on some of the work that might be done between now and San Diego. We wish to expand the specifications associated with our model and enhance the requirements to evolve the EPSFW draft. The details will be in clarification of how things could work, needed protocols, APIs, etc. all of which will define pieces that eventually evolve the overall architecture. I will be posting the slides and notes later. Let me try and spell out some things to do, and I would like some volenteers and additions. Please make suggestions!!! 1. Services/Proxylet requirements: Here a particular service is examined in detail, with a use case or implementation or both. Results will exhibit the specifications either at the detailed level (APIs and protocols) or at the requirements level. Alex Shah gave us a detailed Use Case for his MyWebBook. Markus Hoffman and Katy Guo gave us some implementations that could be mapped into the framework. Senthil Kumar and I tried to enhance the "University Accounting" USE-CASE. Things we need to do (as much as possible) a. Explain what needs to be done including examples of required protocols, functions, rule expectations and library expectations. b. Propose a design that is consistent with the requirements in EPSFW. Suggest requirement changes if necessary. c. Implement code for the service or show how thing need to work with a detailed Use Case. d. Describe enhancements or details to the EPSFW framework. Senthil Kumar and I tried to enhance the "University Accounting" USE-CASE. Kumar's group may be able to implement this by San Diego. This is quite simple and no example protocols or APIs are shown thus far. Example Service Projects that I can think of: * Steaming Media with Caching changes * Content Assembly - improving Yahoo a. Ad insertion b. Tickertape c. MyWebBook d. Localization * PBX control * Transcoding * University Accounting * ICAP examples Look the list over, pick one or insert more in the list. 2. Rule Model Dave Farber started with some rule issues and Markus has sent out some additional requirements. We need to collect these requirements and update the draft. We could also build a small rule engine. Just a simple case could be used to expand things: * HTTP/HTML only - certainly not the framework requirements. * Schema to represent rules * Simple conflict model Now we need * tools to analyze rule specifications * engine for executing rules and firing proxylets lots more. 3. Security/Accounting What is the AAA model for our EPSFW environement. Understanding the scope of rulets and proxylets is critical. There is lots to be done here. I am certainly open to suggestions. Michael condry@condry.org --------------4B5B067EF54F4264A20F43F1 Content-Type: text/plain; charset=us-ascii; name="UAUseCase.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="UAUseCase.txt" As one example, let us expand the "Univeristy Accounting" use case. Here the objective was to create a log of the class URLs used by the students along with some indication of usage time. Using EPSFW was ideal because the professor designing the accounting for his classes does not necessary have the right to modify the web pages used for his class and the Client/User Agent is certainly not a suitable place to do this. This is a simple use case but it does call on all the key components. The key componets are shown in the diagram below: +----------------+ | Accounting | | Callout | | Server | +----------------+ A | | | | | | V +----------------+ | | +----------+ | PROXY SERVER | +-----------+ |Client |<-------|4 3|<-----------| Content | |User agent|------->|1 ------------ 2|----------->| Server(s) | +----------+ | | +-----------+ | proxylets | | | +----------------+ A | | | | V +----------------+ | Adminsitraion | | Server | +----------------+ PROXYLETS The proxy server executes the proxylets that we use to do the accounting. There are three proxylets: a. The login proxylet that essentially "starts" the proxy based accounting session. There are several ways we might stimulate this but we are assuming that the student is required to login into a "class URL" in order to access the class web pages. This creates data kept in the proxy server for accounting; it is the process that identifies the student. b. The logout proxylet is used to "clear out" the user information being kept by Proxy Server. This can be executed explicitally or by a timeout. So an "inactive use" timer is in the system and when fired can cause this proxylet to execute as well as going to an explicit logout URL. This "inactive use" timer is determined by the value set in the "student active time" set by the log proxylet. c. The log proxylet creates a log entry when the student accesses a content server. This data is passed to the accounting callout server for further processing. The record looks something like The proxylet would also set a "student active time" variable each time its fired for this student. RULES The rule mechanism is based only the URLs of requests and timer data. There are some choices in rules. Three primary mechanisms could be used to elect when a class URL proxylet should be fired: i. Fire for all URLs ii. Fire with URLS matching a regular expression (like "149.146.22.*") ii. Fire with URLs found in a list Establishing which is the most suitable set of rules and analying each is a good project. For now, lets just assume that all the appropriate URLs will be specificable by a simple regular expression. PROCESS Now the operation of the system will go as follows. First we have an administration set up procedure: 1) Verify correctness and security of the rules and proxylets. 2) Administrator installs the proxylets and rules to the proxy. This would install the i) login proxylet ii) logout proxylet iii) log proxylet(s) It would also install the rulets (URLs) that specify the login and logout URLs and the regular expression that describes the class web page URLs. Now, once installed the system can be used: 0) User (the student) sets his browser proxy to point to the main PROXY required to be use for classwork. This will direct the students agent to go through our example proxy server. 1) Now student's "login" to the class system by going to the class login webpage. Student submitting the login web page triggers login proxylet. Since Login proxylet knows about login form, it picks up student info from it. It sets up internal information to associate activity from this client to be identified as this student. 2) After the login, the student accesses the class URLs through their browser. The rule system matches this URL and fires the log proxylet. The proxylet looks up the student id (knowing the ip connection of the client) then logs the class access record which looks like: This is passed on ot the Accounting Callout Server. An XML format for the data would be likely. Callout server logs all these info. This proxylet also sets the "student active" timer to indicate that a page was accessed at this time. 3) At some point the student will quit accessing pages. A "logout" URL will be provided. If the student accesses the logout URL or if too much time passes and the timer fires because the student is not active, this will trigger the logout proxylet. The logout proxylet removes the student information from the within the proxy. This should also remove access to the class web pages until a "login" procedure is executed again. External to this process, the professor takes the data logs on the callout accounting processor and does whatever analysis desired on the data. This could re-set the logs. The professor must also set up the login/logout URLs. --------------4B5B067EF54F4264A20F43F1-- From owner-ietf-openproxy Mon Sep 18 20:11:44 2000 Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id UAA03836 for ietf-openproxy-bks; Mon, 18 Sep 2000 20:11:44 -0700 (PDT) Received: from 1-132.mnot.net (adsl-63-201-242-106.dsl.snfc21.pacbell.net [63.201.242.106]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id UAA03832 for ; Mon, 18 Sep 2000 20:11:41 -0700 (PDT) Received: by 1-132.mnot.net (Postfix, from userid 500) id A58256601; Mon, 18 Sep 2000 20:14:08 -0700 (PDT) Date: Mon, 18 Sep 2000 20:14:08 -0700 From: Mark Nottingham To: WREC Working Group Cc: ietf-openproxy@imc.org Subject: End to End thoughts [long] Message-ID: <20000918201408.D2609@mnot.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: There's been a lot of talk in various places about end-to-end problems, and their relation to intermediates (e.g., HTTP caching proxies, surrogates, etc.). Things have gotten somewhat religious. Rather than go down that road, I'd like to examine the issues and separate them into distinct problems. * Network Layer The end-to-end principle applies to *network* layer functions; it is not meant to preclude an application-level gateway. I _think_ that most everyone will agree that functions that break end-to-end transparency at the network layer cause problems. In other words, Interception Proxies are Evil. While it's nice to think that we can convince the world of this, it's more realistic to find out why people use them, and give them a better alternative. To my knowledge, most people use them because they need an easy way to assure that Web traffic (or at least port 80) goes through a proxy. While browser have proxy auto-configuration, it hasn't changed in quite a few years, there's no standard to implement, and it relies on JavaScript. WPAD was a good start; unfortunately, it never really went to far beyond Microsoft. Additionally, a more sensible, standard format for the configuration file would help. Over all of this, we need participation from the browser vendors, or we won't get anywhere. * Application Layer All of this being said, HTTP intermediates *do* raise issues at the application layer, which aren't end-to-end problems, but do get confused with them, as the causes are similar. Proxies and surrogates can do a number of things to requests and responses as they flow through. I've been roughly classifying them as; - access control (e.g., blocking, filtering) - request modification (URI rewriting) - response modification (transcoding) These operations are often performed in the interest of one of different parties: - content provider - access provider - user There have been numerous papers and discussions about the interesting things that can be done by intermediates. However, I don't think there's enough attention being paid to the problems that enabling these functions on intermediates can cause. * HTTP The HTTP makes a primary assumption of semantic transparency - that an entity body will not be changed 'in flight' - that, discounting transfer-encodings and so forth, what the server sends in the response is what the client gets. Jeff Mogul brought up issues with entity identity, as expressed in the ETag, in Lisbon. There was also general concern (it may have been Jeff in particular, my memory isn't that good) that an operation performed in one portion of the network may not be performed in another, causing unpredicatable behaviours. There are lots of other little examples here that should be covered, but I'll leave it for now. * URI One of the premises of URIs is that they refer to a specific, identifyable resource, and that the authority for that resource has control over it. Many applications have dependencies on this. PICS, Robots Exclusion, P3P, and other kinds of metadata systems break, sometimes disasterously, when intermediates change the semantics and/or payload of a message. The privacy implications are especially of concern. Overall, content providers have a reasonable expectation that the object which they deliver will be the one that the user gets, unless the user doesn't want it. These effects are largely social and legal; however, they're enabled by the technology that's being pushed out there. We need to reconcile the capabilities of the products and frameworks that we're building with the expectations that have been set by our base protocols. It's interesting that Web caching seems to be losing ground to CDNs so rapidly; to me, this illustrates the point perfectly. Web caching was always performed in the interest of the access provider, not the content provider (or arguably even the user). As a result, content providers don't trust Web caches. What's it going to be like out there when access providers can slip a transcoding, rewriting module into a proxy on the fly? One person who I've talked about this with pointed out the issues we had a while back in caches vs. copyright, legally. There's much more direct potential for problems here. -- Mark Nottingham http://www.mnot.net/ From owner-ietf-openproxy Tue Sep 19 08:10:13 2000 Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id IAA25915 for ietf-openproxy-bks; Tue, 19 Sep 2000 08:10:13 -0700 (PDT) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id IAA25909 for ; Tue, 19 Sep 2000 08:10:11 -0700 (PDT) Received: from sunmail1.Sun.COM ([129.145.1.2]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id IAA21235; Tue, 19 Sep 2000 08:12:51 -0700 (PDT) Received: from jurassic.eng.sun.com (jurassic.Eng.Sun.COM [129.146.82.166]) by sunmail1.Sun.COM (8.9.1b+Sun/8.9.1/ENSMAIL,v1.6.1-sunmail1) with ESMTP id IAA15998; Tue, 19 Sep 2000 08:12:50 -0700 (PDT) Received: from viper (viper.Eng.Sun.COM [129.146.88.132]) by jurassic.eng.sun.com (8.11.1.Beta1+Sun/8.11.1.Beta1) with SMTP id e8JFCna913711; Tue, 19 Sep 2000 08:12:49 -0700 (PDT) Message-Id: <200009191512.e8JFCna913711@jurassic.eng.sun.com> Date: Tue, 19 Sep 2000 08:13:38 -0700 (PDT) From: Michael Condry Reply-To: Michael Condry Subject: Re: EPSFW Workshop Followup To: JPretorius@novell.com Cc: ietf-openproxy@imc.org MIME-Version: 1.0 Content-Type: TEXT/plain; charset=us-ascii Content-MD5: HCU7Qv3C2wtaf3qJjxfFBw== X-Mailer: dtmail 1.3.0 @(#)CDE Version 1.4 SunOS 5.8 sun4u sparc Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Jessie- Yes, negative states should be considered. What if the rulet language allowed at a not in the pattern expression, would that work? Also, do you have some good examples were a negative expression is key to making it work? Michael > To: > Subject: Re: EPSFW Workshop Followup > Mime-Version: 1.0 > Content-Disposition: inline > Content-Transfer-Encoding: 8bit > X-MIME-Autoconverted: from quoted-printable to 8bit by jurassic.eng.sun.com id e8JAN2a895281 > > Just to comment, in addition to the rules listed in UAUseCase.txt, it may be a good idea to provide a reverse set of rules: > > i. Fire (or do not fire) for all URLs > ii. Fire (or do not fire) with URLS matching a regular expression (like "149.146.22.*") > ii. Fire (or do not fire) with URLs found in a list > > This provides the customer with the flexibility to manage by exception. > > Cheers > > Jesse > > *** > Jesse Pretorius > Systems Engineer > e-mail: JPretorius@Novell.Com > AIM/InstantMe: preycor > ICQ# 4620796 > Tel: +27 21 418 3805 > Fax: +27 21 418 3931 > > Novell, Inc., the leading provider of Net services software > www.novell.com > > > >>> "Michael W. Condry" 09/18/00 06:20AM >>> > After our EPSFW workshop I have some notes on some of the work > that might be done between now and San Diego. We wish to > expand the specifications associated with our model and enhance the > requirements to evolve the EPSFW draft. The details will be in > clarification > of how things could work, needed protocols, APIs, etc. all of which will > > define pieces that eventually evolve the overall architecture. > > I will be posting the slides and notes later. > > Let me try and spell out some things to do, and I would like some > volenteers > and additions. Please make suggestions!!! > > 1. Services/Proxylet requirements: > Here a particular service is examined in detail, with a > use case or implementation or both. Results will exhibit the > specifications either at the detailed level (APIs and protocols) > or at the requirements level. > > Alex Shah gave us a detailed Use Case for his > MyWebBook. Markus Hoffman and Katy Guo gave us some > implementations that could be mapped into the > framework. Senthil Kumar and I tried to > enhance the "University Accounting" USE-CASE. > > Things we need to do (as much as possible) > > a. Explain what needs to be done including examples of required > protocols, functions, rule expectations and library > expectations. > b. Propose a design that is consistent with the requirements in EPSFW. > Suggest requirement changes if necessary. > c. Implement code for the service or show how thing need to work > with a detailed Use Case. > d. Describe enhancements or details to the EPSFW framework. > > Senthil Kumar and I tried to > enhance the "University Accounting" USE-CASE. Kumar's > group may be able to implement this by San Diego. This is > quite simple and no example protocols or APIs are shown > thus far. > > Example Service Projects that I can think of: > * Steaming Media with Caching changes > * Content Assembly - improving Yahoo > a. Ad insertion > b. Tickertape > c. MyWebBook > d. Localization > * PBX control > * Transcoding > * University Accounting > * ICAP examples > > Look the list over, pick one or insert more in the list. > > 2. Rule Model > Dave Farber started with some rule issues and Markus has sent > out some additional requirements. We need to collect > these requirements and update the draft. > > We could also build a small rule engine. Just a simple case could > be used to expand things: > * HTTP/HTML only - certainly not the framework requirements. > * Schema to represent rules > * Simple conflict model > > Now we need > * tools to analyze rule specifications > * engine for executing rules and firing proxylets > lots more. > > 3. Security/Accounting > What is the AAA model for our EPSFW environement. > Understanding the scope of rulets and proxylets > is critical. There is lots to be done here. > > I am certainly open to suggestions. > > Michael > condry@condry.org > > From owner-ietf-openproxy Tue Sep 19 17:09:28 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id RAA14830 for ietf-openproxy-bks; Tue, 19 Sep 2000 17:09:28 -0700 (PDT) Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id RAA14826 for ; Tue, 19 Sep 2000 17:09:26 -0700 (PDT) Received: from isi.edu (sci.isi.edu [128.9.160.93]) by boreas.isi.edu (8.9.3/8.9.3) with ESMTP id RAA24751; Tue, 19 Sep 2000 17:11:47 -0700 (PDT) Message-ID: <39C800B3.66965AA4@isi.edu> Date: Tue, 19 Sep 2000 17:11:31 -0700 From: Joe Touch X-Mailer: Mozilla 4.74 [en] (Win98; U) X-Accept-Language: en,pdf MIME-Version: 1.0 To: Mark Nottingham CC: WREC Working Group , ietf-openproxy@imc.org, touch@ISI.EDU Subject: Re: End to End thoughts [long] References: <20000918201408.D2609@mnot.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Mark Nottingham wrote: > > There's been a lot of talk in various places about end-to-end > problems, and their relation to intermediates (e.g., HTTP caching > proxies, surrogates, etc.). > > Things have gotten somewhat religious. Rather than go down that road, > I'd like to examine the issues and separate them into distinct > problems. > > * Network Layer > > The end-to-end principle applies to *network* layer functions; it is > not meant to preclude an application-level gateway. The E2E principle applies to all services implemented at the endpoints, not just transport. This includes reliable transfer, security, etc. It does not preclude anything, per se. It merely says that E2E services (e.g., reliable transport, app security, etc.) cannot be composed _merely_ out of equivalent hop-by-hop services. > I _think_ that most everyone will agree that functions that break > end-to-end transparency at the network layer cause problems. In other > words, > > Interception Proxies are Evil. The problem with interception proxies isn't breakage of E2E; it's breakage of standard protocols. See http://www.isi.edu/touch/pubs/hazards-outline.txt for further info. > Proxies and surrogates can do a number of things to requests and > responses as they flow through. I've been roughly classifying them > as; > > - access control (e.g., blocking, filtering) > - request modification (URI rewriting) > - response modification (transcoding) Yes - and these are actually discussed in the original E2E paper. This is basically value-added services. There are plenty of them. The E2E principle doesn't prohibit HBH services; it just says HBH alone do not compose to yield E2E. It specifically allows (if not encourages) HBH for performance enhancement, with the caveat that it is also possible to degrade performance if not done carefully. > It's interesting that Web caching seems to be losing ground to CDNs > so rapidly; to me, this illustrates the point perfectly. Web caching > was always performed in the interest of the access provider, not the > content provider (or arguably even the user). As a result, content > providers don't trust Web caches. What's it going to be like out > there when access providers can slip a transcoding, rewriting module > into a proxy on the fly? CDNs use web caches, don't they? or at least what do you call the rented Akamai server? I call it a cache... (CDN is just an economic model for charging the provider for space on the cache) Joe From owner-ietf-openproxy Tue Sep 19 17:38:57 2000 Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id RAA15434 for ietf-openproxy-bks; Tue, 19 Sep 2000 17:38:57 -0700 (PDT) Received: from mail.mnot.net (adsl-63-201-242-106.dsl.snfc21.pacbell.net [63.201.242.106]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id RAA15430 for ; Tue, 19 Sep 2000 17:38:56 -0700 (PDT) Received: by mail.mnot.net (Postfix, from userid 500) id 6A2DF976E; Tue, 19 Sep 2000 17:41:26 -0700 (PDT) Date: Tue, 19 Sep 2000 17:41:26 -0700 From: Mark Nottingham To: Joe Touch Cc: WREC Working Group , ietf-openproxy@imc.org Subject: Re: End to End thoughts [long] Message-ID: <20000919174124.A1719@mnot.net> References: <20000918201408.D2609@mnot.net> <39C800B3.66965AA4@isi.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <39C800B3.66965AA4@isi.edu>; from touch@ISI.EDU on Tue, Sep 19, 2000 at 05:11:31PM -0700 Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: On Tue, Sep 19, 2000 at 05:11:31PM -0700, Joe Touch wrote: > > The end-to-end principle applies to *network* layer functions; it is > > not meant to preclude an application-level gateway. > > The E2E principle applies to all services implemented at the endpoints, > not just transport. This includes reliable transfer, security, etc. > It does not preclude anything, per se. It merely says that > E2E services (e.g., reliable transport, app security, etc.) > cannot be composed _merely_ out of equivalent hop-by-hop services. Thanks; that makes it somewhat clearer to me. Although I've read the original paper, there's been a lot of bandying the term about, somewhat blurring its meaning in usage. > > Interception Proxies are Evil. > > The problem with interception proxies isn't breakage of E2E; > it's breakage of standard protocols. See > http://www.isi.edu/touch/pubs/hazards-outline.txt for further info. Many have been explaining the Evils of interceptions proxies in this way, which is why I started from this angle. That having been said, I'm more interested in the effects below than these. Interception problems seem to have enough people concerned about them (although we still need to *do* something about them). In this respect, it was a poorly chosen subject line, but my perception was that these points were previously articulated as end-to-end problems. > > Proxies and surrogates can do a number of things to requests and > > responses as they flow through. I've been roughly classifying them > > as; > > > > - access control (e.g., blocking, filtering) > > - request modification (URI rewriting) > > - response modification (transcoding) > > Yes - and these are actually discussed in the original E2E paper. > This is basically value-added services. There are plenty of them. > > The E2E principle doesn't prohibit HBH services; it just > says HBH alone do not compose to yield E2E. It specifically > allows (if not encourages) HBH for performance enhancement, > with the caveat that it is also possible to degrade performance > if not done carefully. Of course; I wasn't suggesting that E2E prohibited application level gateways, etc., but that if current work goes forward without considering the social and legal effects of what they do, there will be trouble. > > It's interesting that Web caching seems to be losing ground to CDNs > > so rapidly; to me, this illustrates the point perfectly. Web caching > > was always performed in the interest of the access provider, not the > > content provider (or arguably even the user). As a result, content > > providers don't trust Web caches. What's it going to be like out > > there when access providers can slip a transcoding, rewriting module > > into a proxy on the fly? > > CDNs use web caches, don't they? or at least what do you call the > rented Akamai server? I call it a cache... > (CDN is just an economic model for charging the provider for space > on the cache) It's a surrogate which implements a cache. You've made my point well - Web caching isn't a good economic model, and even risked legal problems at one point, because it isn't done on behalf of the content provider. Rather, it is done by the access provider, who isn't concerned with cache correctness, etc. nearly as much as the content provider. Value-added services are a good thing, but there needs to be a framework to address these issues. While some content providers may not care that their content is transcoded by a proxy in front of the user, others may. For example, if a legal document is changed in any way (translated, summarized, etc.) it becomes invalid. The most oft-cited example that makes me shudder is the dynamic insertion/replacement of ads by the access provider, without permission of the content provider. While I'm sure there's a market for this out there, it brings up significant issues. I'm not sure that IETF is the best place to address this; W3C seems (to me) to have a more active view on social/legal issues. However, this is where these capabilities are being talked about, so it seemed a good starting point. -- Mark Nottingham http://www.mnot.net/ From owner-ietf-openproxy Wed Sep 20 03:44:48 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id DAA19523 for ietf-openproxy-bks; Wed, 20 Sep 2000 03:44:48 -0700 (PDT) Received: from cpl-emea-mail1.cpl.novell.com (cpl-emea-mail1.cpl.novell.com [147.2.71.56]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id DAA19518 for ; Wed, 20 Sep 2000 03:44:46 -0700 (PDT) Received: from EMEA-Message_Server by cpl-emea-mail1.cpl.novell.com with Novell_GroupWise; Wed, 20 Sep 2000 12:46:56 +0200 Message-Id: X-Mailer: Novell GroupWise Internet Agent 5.5.3.1 Date: Wed, 20 Sep 2000 12:46:24 +0200 From: "Jesse Pretorius" To: Cc: Subject: Re: EPSFW Workshop Followup Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id DAA19519 Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: The simplest case would be where a university, or any corporate has internal (or extranet) web servers - but has all users going through the proxy. They would want to charge for all traffic going through the proxy that does not match a particular expression: Rules applied in top-down order: * Do not fire for *.foo.com * Do not fire for URLs found in list * Fire for all URLs With this kind of negative state rule set, the accounting applies to the websites that the company feels is chargable, and the administration load in maintaining the rule list is minimised. Jesse *** Jesse Pretorius Systems Engineer e-mail: JPretorius@Novell.Com AIM/InstantMe: preycor ICQ# 4620796 Tel: +27 21 418 3805 Fax: +27 21 418 3931 Novell, Inc., the leading provider of Net services software www.novell.com >>> Michael Condry 09/19/00 05:13PM >>> Jessie- Yes, negative states should be considered. What if the rulet language allowed at a not in the pattern expression, would that work? Also, do you have some good examples were a negative expression is key to making it work? Michael From owner-ietf-openproxy Wed Sep 20 09:48:30 2000 Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id JAA02332 for ietf-openproxy-bks; Wed, 20 Sep 2000 09:48:30 -0700 (PDT) Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id JAA02328 for ; Wed, 20 Sep 2000 09:48:29 -0700 (PDT) Received: from isi.edu (sci.isi.edu [128.9.160.93]) by boreas.isi.edu (8.9.3/8.9.3) with ESMTP id JAA19704; Wed, 20 Sep 2000 09:51:12 -0700 (PDT) Message-ID: <39C8EAEE.4BBA120D@isi.edu> Date: Wed, 20 Sep 2000 09:50:54 -0700 From: Joe Touch X-Mailer: Mozilla 4.74 [en] (Win98; U) X-Accept-Language: en,pdf MIME-Version: 1.0 To: Mark Nottingham CC: WREC Working Group , ietf-openproxy@imc.org, touch@ISI.EDU Subject: Re: End to End thoughts [long] References: <20000918201408.D2609@mnot.net> <39C800B3.66965AA4@isi.edu> <20000919174124.A1719@mnot.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Mark Nottingham wrote: > > On Tue, Sep 19, 2000 at 05:11:31PM -0700, Joe Touch wrote: > > > > Interception Proxies are Evil. > > > > The problem with interception proxies isn't breakage of E2E; > > it's breakage of standard protocols. See > > http://www.isi.edu/touch/pubs/hazards-outline.txt for further info. > > Many have been explaining the Evils of interceptions proxies in this way, > which is why I started from this angle. > > That having been said, I'm more interested in the effects below than these. > Interception problems seem to have enough people concerned about them > (although we still need to *do* something about them). In this respect, it > was a poorly chosen subject line, but my perception was that these points > were previously articulated as end-to-end problems. There certainly is room for work here. > Of course; I wasn't suggesting that E2E prohibited application level > gateways, etc., but that if current work goes forward without considering > the social and legal effects of what they do, there will be trouble. The IETF, far as I can tell, doesn't consider these issues, unless: 1. there are technical solutions somewhere underlying the social and/or legal AND 2. the legal issues constrain technical solutions i.e., solutions which are obviously not viable from the legal aspect are probably not worth spending time on technically > > > It's interesting that Web caching seems to be losing ground to CDNs > > > so rapidly; to me, this illustrates the point perfectly. Web caching > > > was always performed in the interest of the access provider, not the > > > content provider (or arguably even the user). As a result, content > > > providers don't trust Web caches. What's it going to be like out > > > there when access providers can slip a transcoding, rewriting module > > > into a proxy on the fly? > > > > CDNs use web caches, don't they? or at least what do you call the > > rented Akamai server? I call it a cache... > > (CDN is just an economic model for charging the provider for space > > on the cache) > > It's a surrogate which implements a cache. That's marketing doublespeak. It's a cache. > You've made my point well - Web > caching isn't a good economic model, and even risked legal problems at one > point, because it isn't done on behalf of the content provider. Rather, it > is done by the access provider, who isn't concerned with cache correctness, > etc. nearly as much as the content provider. > > Value-added services are a good thing, but there needs to be a framework to > address these issues. While some content providers may not care that their > content is transcoded by a proxy in front of the user, others may. > > For example, if a legal document is changed in any way (translated, > summarized, etc.) it becomes invalid. The primary problems with caching, in that sense, are: 1. content providers do not _want_ to provide expiration dates these dates must be determined in advance, and limit when changes will propagate. the CP's would like to 'recall' old items; this doesn't work with our current caching model, regardless of who runs the cache. the reason the CDNs are useful is that the CP's can push updated info out to the caches, in that sense 2. authentication is lacking CP's could sign their pages (e.g., PGP sign) again, there is disincentive, because it would inhibit user access (slow it down, stall it while waiting for key retrieval, etc) There is certainly a model for client-directed caching; several have worked just fine. Local premesis caching works if the organization is large (e.g., a school, a company, or a large ISP). Egress/ingress caching works on national scales, esp. where bandwidth is limited (e.g., Australia). The model is the same as TV and radio. People can decide what they want to see (e.g., PBS, request radio shows), but there is more money to be made by being advertiser-driven. E.g., I doubt people _want_ to watch infomercials all day long on the weekend, but there's money there. But you can buy pay-per-view or HBO and not have infomercials. People want to direct their cost (free); advertisers want to direct the content (and will pay). (but I digress - this may be an interesting coffeehouse chat at an upcoming IETF, though). > The most oft-cited example that makes me shudder is the dynamic > insertion/replacement of ads by the access provider, without permission of > the content provider. While I'm sure there's a market for this out there, it > brings up significant issues. Happens with local TV too. Without monitoring, it happens. > I'm not sure that IETF is the best place to address this; W3C seems (to > me) to have a more active view on social/legal issues. However, this is > where these capabilities are being talked about, so it seemed a good > starting point. These issues are addressed in the open court of public opinion, or in classes in business schools :-) Joe From owner-ietf-openproxy Wed Sep 20 10:28:33 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id KAA03115 for ietf-openproxy-bks; Wed, 20 Sep 2000 10:28:33 -0700 (PDT) Received: from 1-132.mnot.net (adsl-63-201-242-106.dsl.snfc21.pacbell.net [63.201.242.106]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id KAA03111 for ; Wed, 20 Sep 2000 10:28:32 -0700 (PDT) Received: by 1-132.mnot.net (Postfix, from userid 500) id B66216601; Wed, 20 Sep 2000 13:34:03 -0700 (PDT) Date: Wed, 20 Sep 2000 13:34:03 -0700 From: Mark Nottingham To: Joe Touch Cc: WREC Working Group , ietf-openproxy@imc.org Subject: Re: End to End thoughts [long] Message-ID: <20000920133401.A890@mnot.net> References: <20000918201408.D2609@mnot.net> <39C800B3.66965AA4@isi.edu> <20000919174124.A1719@mnot.net> <39C8EAEE.4BBA120D@isi.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <39C8EAEE.4BBA120D@isi.edu>; from touch@ISI.EDU on Wed, Sep 20, 2000 at 09:50:54AM -0700 Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: On Wed, Sep 20, 2000 at 09:50:54AM -0700, Joe Touch wrote: > The IETF, far as I can tell, doesn't consider these issues, unless: > > 1. there are technical solutions somewhere underlying > the social and/or legal > > AND > > 2. the legal issues constrain technical solutions > i.e., solutions which are obviously not viable > from the legal aspect are probably not worth > spending time on technically IMHO both conditions may be met; since there is a group actively discussing a framework to enable these functions, and there clearly are legal issues, even if the extent of those issues are unclear. I believe that there can be technical solutions to these problems, as it seems that there is other work in the IETF about trust models, etc. > > It's a surrogate which implements a cache. > > That's marketing doublespeak. It's a cache. Err, no, it's the terminology defined in the WREC Taxonomy. There can be significant differences in the cache implemented by a proxy and that implemented by a surrogate. > There is certainly a model for client-directed caching; several > have worked just fine. Local premesis caching works if the > organization is large (e.g., a school, a company, or a large ISP). > Egress/ingress caching works on national scales, esp. where > bandwidth is limited (e.g., Australia). There is a model, yes, but I'd debate that it's worked "just fine". Cheers, -- Mark Nottingham http://www.mnot.net/ From owner-ietf-openproxy Wed Sep 20 10:30:14 2000 Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id KAA03142 for ietf-openproxy-bks; Wed, 20 Sep 2000 10:30:14 -0700 (PDT) Received: from prv-mail20.provo.novell.com (prv-mail20.provo.novell.com [137.65.81.122]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id KAA03138 for ; Wed, 20 Sep 2000 10:30:13 -0700 (PDT) Received: from INET-PRV-Message_Server by prv-mail20.provo.novell.com with Novell_GroupWise; Wed, 20 Sep 2000 11:04:01 -0600 Message-Id: X-Mailer: Novell GroupWise Internet Agent 5.5.4.1 Date: Wed, 20 Sep 2000 11:03:51 -0600 From: "Hilarie Orman" To: , Cc: Subject: Re: End to End thoughts [long] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id KAA03139 Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: If you've already bought into NAT, then pointing to an interception proxy as "evil" is simply pot-kettle calling. I'd be quite happy to have application headers contain directives to intermediaries describing the semantics (esp. "stateless; copyrighted; cacheable", "multipart; modifiable by insertion", "opaque") and authorizations ("customizable by enduser", "insertions by brokers"). However, it's more realistic right now to accomplish this by context, environment, and what amount to service level agreements about content between publishers and distributors. I agree that there are problems associated with modifiable content, but there are also huge advantages. Some things really should look different depending on where they are in the network. It all depends on what you mean by content and what the intent of the publisher is. To take a minor example, in traditional publishing the consumer doesn't get to specify the color or size of the paper and the text fonts; with browsers and HTML, the user can override the publisher's specification. In the physical world, such tricks may well be illegal. We need to assure that publishers and consumers can specify and resolve their rights and preferences in protocols so that intermediaries can exercise their capabilities in accordance with their expectations. Hilarie >>> Mark Nottingham 09/18/00 09:14PM >>> There's been a lot of talk in various places about end-to-end problems, and their relation to intermediates (e.g., HTTP caching proxies, surrogates, etc.). Things have gotten somewhat religious. Rather than go down that road, I'd like to examine the issues and separate them into distinct problems. * Network Layer The end-to-end principle applies to *network* layer functions; it is not meant to preclude an application-level gateway. I _think_ that most everyone will agree that functions that break end-to-end transparency at the network layer cause problems. In other words, Interception Proxies are Evil. While it's nice to think that we can convince the world of this, it's more realistic to find out why people use them, and give them a better alternative. To my knowledge, most people use them because they need an easy way to assure that Web traffic (or at least port 80) goes through a proxy. While browser have proxy auto-configuration, it hasn't changed in quite a few years, there's no standard to implement, and it relies on JavaScript. WPAD was a good start; unfortunately, it never really went to far beyond Microsoft. Additionally, a more sensible, standard format for the configuration file would help. Over all of this, we need participation from the browser vendors, or we won't get anywhere. * Application Layer All of this being said, HTTP intermediates *do* raise issues at the application layer, which aren't end-to-end problems, but do get confused with them, as the causes are similar. Proxies and surrogates can do a number of things to requests and responses as they flow through. I've been roughly classifying them as; - access control (e.g., blocking, filtering) - request modification (URI rewriting) - response modification (transcoding) These operations are often performed in the interest of one of different parties: - content provider - access provider - user There have been numerous papers and discussions about the interesting things that can be done by intermediates. However, I don't think there's enough attention being paid to the problems that enabling these functions on intermediates can cause. * HTTP The HTTP makes a primary assumption of semantic transparency - that an entity body will not be changed 'in flight' - that, discounting transfer-encodings and so forth, what the server sends in the response is what the client gets. Jeff Mogul brought up issues with entity identity, as expressed in the ETag, in Lisbon. There was also general concern (it may have been Jeff in particular, my memory isn't that good) that an operation performed in one portion of the network may not be performed in another, causing unpredicatable behaviours. There are lots of other little examples here that should be covered, but I'll leave it for now. * URI One of the premises of URIs is that they refer to a specific, identifyable resource, and that the authority for that resource has control over it. Many applications have dependencies on this. PICS, Robots Exclusion, P3P, and other kinds of metadata systems break, sometimes disasterously, when intermediates change the semantics and/or payload of a message. The privacy implications are especially of concern. Overall, content providers have a reasonable expectation that the object which they deliver will be the one that the user gets, unless the user doesn't want it. These effects are largely social and legal; however, they're enabled by the technology that's being pushed out there. We need to reconcile the capabilities of the products and frameworks that we're building with the expectations that have been set by our base protocols. It's interesting that Web caching seems to be losing ground to CDNs so rapidly; to me, this illustrates the point perfectly. Web caching was always performed in the interest of the access provider, not the content provider (or arguably even the user). As a result, content providers don't trust Web caches. What's it going to be like out there when access providers can slip a transcoding, rewriting module into a proxy on the fly? One person who I've talked about this with pointed out the issues we had a while back in caches vs. copyright, legally. There's much more direct potential for problems here. -- Mark Nottingham http://www.mnot.net/ From owner-ietf-openproxy Wed Sep 20 10:47:39 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id KAA03375 for ietf-openproxy-bks; Wed, 20 Sep 2000 10:47:39 -0700 (PDT) Received: from calcite.rhyolite.com (calcite.rhyolite.com [38.159.140.3]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id KAA03371 for ; Wed, 20 Sep 2000 10:47:38 -0700 (PDT) Received: (from vjs@localhost) by calcite.rhyolite.com (8.11.0/8.11.0) id e8KHoOe06392 env-from ; Wed, 20 Sep 2000 11:50:24 -0600 (MDT) Date: Wed, 20 Sep 2000 11:50:24 -0600 (MDT) From: Vernon Schryver Message-Id: <200009201750.e8KHoOe06392@calcite.rhyolite.com> To: wrec@cs.utk.edu Subject: Re: End to End thoughts [long] Cc: ietf-openproxy@imc.org Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: > From: "Hilarie Orman" > To: , > Cc: > If you've already bought into NAT, then pointing to an interception > proxy as "evil" is simply pot-kettle calling. No, interception proxies are far worse than NAT. NAT merely breaks technical stuff. Interception proxies break all of the technical things that NAT boxes break and significantly more. E.g. AOL's SMTP redirection proxies probably break some addresses. Then interception proxies do really nasty non-technical things. They are open invitations for nasty non-technical things, from censorship to much easier snooping. For example, if some of the reports about the FBI's Carnivore are accurate, then AOL's SMTP interception proxies would far more easily and reliably do that job. > ... > To my knowledge, most people use them because they need an easy way (interception proxies) > to assure that Web traffic (or at least port 80) goes through a > proxy. ... A lot of people use various HTTP proxies, presumably including redirection proxies, to filter content. I know people who use them to "protect" their own children. (Never mind that I strongly disagree with them.) AOL's SMTP interception proxies are against spam. AOL adds header lines to SMTP messages and may filter objectionable content. Current rumors suggest that if AOL does filter SMTP on content with their SMTP redirection proxies, then they do it only by rate limiting. However, if they only rate limit, more than the censorship camel's nose is in the tent. Vernon Schryver vjs@rhyolite.com From owner-ietf-openproxy Wed Sep 20 10:52:02 2000 Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id KAA03408 for ietf-openproxy-bks; Wed, 20 Sep 2000 10:52:02 -0700 (PDT) Received: from 1-132.mnot.net (adsl-63-201-242-106.dsl.snfc21.pacbell.net [63.201.242.106]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id KAA03404 for ; Wed, 20 Sep 2000 10:52:01 -0700 (PDT) Received: by 1-132.mnot.net (Postfix, from userid 500) id BEE3B6601; Wed, 20 Sep 2000 13:57:33 -0700 (PDT) Date: Wed, 20 Sep 2000 13:57:33 -0700 From: Mark Nottingham To: Hilarie Orman Cc: wrec@cs.utk.edu, ietf-openproxy@imc.org Subject: Re: End to End thoughts [long] Message-ID: <20000920135732.B890@mnot.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: ; from HORMAN@novell.com on Wed, Sep 20, 2000 at 11:03:51AM -0600 Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: On Wed, Sep 20, 2000 at 11:03:51AM -0600, Hilarie Orman wrote: [...] > I'd be quite happy to have application headers contain directives > to intermediaries describing the semantics (esp. "stateless; copyrighted; > cacheable", "multipart; modifiable by insertion", "opaque") and authorizations > ("customizable by enduser", "insertions by brokers"). However, it's more > realistic right now to accomplish this by context, environment, and what > amount to service level agreements about content between > publishers and distributors. I very much agree. Right now, I think we're at a point where we can try to get a handle on what's acceptable without some form of negotiation. > I agree that there are problems associated with modifiable content, > but there are also huge advantages. Some things really should look > different depending on where they are in the network. It all depends > on what you mean by content and what the intent of the publisher > is. To take a minor example, in traditional publishing the consumer > doesn't get to specify the color or size of the paper and the text fonts; > with browsers and HTML, the user can override the publisher's > specification. In the physical world, such tricks may well be illegal. I won't dispute the benefits, but this does break some assumptions in the HTTP and URI specifications. We need to deal with that. > We need to assure that publishers and consumers can specify and > resolve their rights and preferences in protocols so that intermediaries can > exercise their capabilities in accordance with their expectations. Here's a more concrete example of the kind of problem I'm talking about: The W3C's P3P working group is putting together a platform which allows specification of an XML privacy policy based on a URI. The major mechanism for this is a metadata file in a well-known location at the origin server which dictates how policies are applied to resources. If a proxy inserts ads, rewrites URIs, or does something else to change the privacy attributes of the resource, the privacy policy is invalid. If the content provider doesn't know about this, they're making privacy guarantees for resources that are beyond their control. P3P is unaware of the potential for modification of an object in the network, because a URI points to an identifiable resource, and semantic transparency is assumed in the HTTP. While the HTTP doesn't specifically forbid lack of transparency, it does put limitations on how it may happen; Requirements for performance, availability, and disconnected operation require us to be able to relax the goal of semantic transparency. The HTTP/1.1 protocol allows origin servers, caches, and clients to explicitly reduce transparency when necessary. However, because non-transparent operation may confuse non-expert users, and might be incompatible with certain server applications (such as those for ordering merchandise), the protocol requires that transparency be relaxed * only by an explicit protocol-level request when relaxed by client or origin server * only with an explicit warning to the end user when relaxed by cache or client There are many assumptions in efforts like P3P that will break when you break semantic transparency. I haven't brought this up in the WG yet, because I wanted to get comments from this group. -- Mark Nottingham http://www.mnot.net/ From owner-ietf-openproxy Wed Sep 20 12:06:54 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id MAA04762 for ietf-openproxy-bks; Wed, 20 Sep 2000 12:06:54 -0700 (PDT) Received: from astro.cs.utk.edu (ASTRO.CS.UTK.EDU [128.169.93.168]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id MAA04758 for ; Wed, 20 Sep 2000 12:06:53 -0700 (PDT) Received: from astro.cs.utk.edu (LOCALHOST [127.0.0.1]) by astro.cs.utk.edu (cf 8.9.3) with ESMTP id PAA03083; Wed, 20 Sep 2000 15:09:36 -0400 (EDT) Message-Id: <200009201909.PAA03083@astro.cs.utk.edu> X-URI: http://www.cs.utk.edu/~moore/ From: Keith Moore To: Vernon Schryver cc: wrec@cs.utk.edu, ietf-openproxy@imc.org Subject: Re: End to End thoughts [long] In-reply-to: Your message of "Wed, 20 Sep 2000 11:50:24 MDT." <200009201750.e8KHoOe06392@calcite.rhyolite.com> Date: Wed, 20 Sep 2000 15:09:36 -0400 Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: good summary. interception proxies should really be illegal except when provided by the content-provider or by the end user. Keith From owner-ietf-openproxy Wed Sep 20 15:35:17 2000 Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id PAA09271 for ietf-openproxy-bks; Wed, 20 Sep 2000 15:35:17 -0700 (PDT) Received: from nemo.corp.equinix.com (somehost-5.equinix.net [207.20.85.157] (may be forged)) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id PAA09267 for ; Wed, 20 Sep 2000 15:35:16 -0700 (PDT) From: hardie@equinix.com Received: (from hardie@localhost) by nemo.corp.equinix.com (8.9.3/8.9.3) id PAA06084; Wed, 20 Sep 2000 15:37:17 -0700 (PDT) Message-Id: <200009202237.PAA06084@nemo.corp.equinix.com> Subject: Re: End to End thoughts [long] To: mnot@mnot.net (Mark Nottingham) Date: Wed, 20 Sep 2000 15:37:17 -0700 (PDT) Cc: HORMAN@novell.com (Hilarie Orman), wrec@cs.utk.edu, ietf-openproxy@imc.org In-Reply-To: <20000920135732.B890@mnot.net> from "Mark Nottingham" at Sep 20, 2000 01:57:33 PM Reply-to: hardie@equinix.com X-Mailer: ELM [version 2.5 PL3] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: I've been trying to get a handle on how to express the problems I have with the framing of the end2end principal in this context. In the discussion below, Hilarie and Mark have obliquely pointed out where the problem lies: the distinction between service and protocol. The end2end principal derives from one of the most fundamental aspects of datagram networking, and it boils down to the notion that the end points of a network connection should be the only ones who need to care about the connection itself. The intermediate devices should be able to examine the datagram and know what to do (forward it somewhere, almost always), but they should not have to care about the connection between the two end points. The problem arises with the conflation of that network connection with a particular service provided on top of the network. It's an easy problem to have, because services have been historically provided at specific network nodes. Many URL schemes (and DNS names in general) resolve to specific nodes and specific ports, and the reason that so many people insert their service between the DNS request and the resolution is that that step is the closest one we have historically had to a service layer addressing scheme (yes, yes, SRVLOC exists--don't jump ahead). Once that resolution has taken place, though, most things boil down to a service layered on a end-to-end network connection. HTTP is a classic example of this: a unicast request/response protocol designed to make a local copy of a network-addressable resource. Making a local copy of a network-addressable resource is a pretty easy-to-describe service. The scaling problems with using that same unicast request/response protocol for every potential service on the network, though, have meant that more and more has been added to the protocol to support new service requirements or better support the scale of the existing service. As those got added in, that service ceased to be quite so easily layered on an end-to-end network connection. One early result of this was that the network addressable resource named in the HTTP URL might be provided by a node other than the node to which the address resolved; this was only the case, though, when a requestor had designated another node (a caching proxy) as a potential intermediate. Now service providers using HTTP also designate other nodes as potential agents (via surrogates and CDNs). With the service now being potentially provided through a chain that looks like: client--->caching proxy--->surrogate---->origin origin--->surrogate---->caching proxy--->client it's easy to see that the end2end connection between client and resource is not a necessary part of the service provision, even if the service provided is the same old making a local copy of a network addressable resource. There were, however, things you got for free when the client and the origin were the only parties to the service: freshness guarantees, some weak authentication, etc. Now they all those have to be made explicit. As Joe Touch has said, you can't substitute the aggregate of the hop-by-hop equivalents for an end2end connection. TLS between a client and a proxy, between the proxy and the surrogate and the surrogate and the origin does not add up to TLS between the client and the origin. As Vladis, Keith, and others have pointed out, one of the results of this is that modification can take place without the principal parties to the service being aware of that modification. That's bad, and we all know it. What we don't have a clear handle on is how to fix the problem without ripping out what we have now. I hope we can agree that we must substitute a service-based view of the applications for a connection-based view if we are to meet the current need. On a related note, I believe that one barrier to this at the moment is the continued use by the W3C of URLs as stand alone identifiers. As noted above, in some applications the resource named by a URL may be supplied by some other agent in the service; knowing that, the W3C has concluded that it is appropriate to use URLs as identifiers without reference to whether the resource is or is not available at that URL. Continuing to conflate a location and a resource once we have reached this point creates many more problems, in my view, than it can possibly solve. Working to create service addressing mechanisms that do not derive from network location seems to me a critical step to moving beyond application designs which presume the wrong things about service delivery. regards, Ted Hardie PS: If anyone reads the above as being a purist preaching, please understand that I am as big a sinner here as there is among us, and I am not trying to disavow the cruft for which I am personally responsible. > > On Wed, Sep 20, 2000 at 11:03:51AM -0600, Hilarie Orman wrote: > [...] > > I'd be quite happy to have application headers contain directives > > to intermediaries describing the semantics (esp. "stateless; copyrighted; > > cacheable", "multipart; modifiable by insertion", "opaque") and authorizations > > ("customizable by enduser", "insertions by brokers"). However, it's more > > realistic right now to accomplish this by context, environment, and what > > amount to service level agreements about content between > > publishers and distributors. > > I very much agree. Right now, I think we're at a point where we can try to > get a handle on what's acceptable without some form of negotiation. > > > > I agree that there are problems associated with modifiable content, > > but there are also huge advantages. Some things really should look > > different depending on where they are in the network. It all depends > > on what you mean by content and what the intent of the publisher > > is. To take a minor example, in traditional publishing the consumer > > doesn't get to specify the color or size of the paper and the text fonts; > > with browsers and HTML, the user can override the publisher's > > specification. In the physical world, such tricks may well be illegal. > > I won't dispute the benefits, but this does break some assumptions in > the HTTP and URI specifications. We need to deal with that. > > > > We need to assure that publishers and consumers can specify and > > resolve their rights and preferences in protocols so that intermediaries can > > exercise their capabilities in accordance with their expectations. > > > Here's a more concrete example of the kind of problem I'm talking about: > > The W3C's P3P working group is putting together a platform which allows > specification of an XML privacy policy based on a URI. The major mechanism > for this is a metadata file in a well-known location at the origin server > which dictates how policies are applied to resources. > > If a proxy inserts ads, rewrites URIs, or does something else to change the > privacy attributes of the resource, the privacy policy is invalid. If the > content provider doesn't know about this, they're making privacy guarantees > for resources that are beyond their control. > > P3P is unaware of the potential for modification of an object in the > network, because a URI points to an identifiable resource, and semantic > transparency is assumed in the HTTP. > > While the HTTP doesn't specifically forbid lack of transparency, it does put > limitations on how it may happen; > > Requirements for performance, availability, and disconnected operation > require us to be able to relax the goal of semantic transparency. The > HTTP/1.1 protocol allows origin servers, caches, and clients to explicitly > reduce transparency when necessary. However, because non-transparent > operation may confuse non-expert users, and might be incompatible with > certain server applications (such as those for ordering merchandise), the > protocol requires that transparency be relaxed > > * only by an explicit protocol-level request when relaxed by client or > origin server > > * only with an explicit warning to the end user when relaxed by cache or > client > > There are many assumptions in efforts like P3P that will break when you > break semantic transparency. > > I haven't brought this up in the WG yet, because I wanted to get comments > from this group. > > -- > Mark Nottingham > http://www.mnot.net/ > From owner-ietf-openproxy Wed Sep 20 18:29:24 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id SAA12196 for ietf-openproxy-bks; Wed, 20 Sep 2000 18:29:24 -0700 (PDT) Received: from prv-mail20.provo.novell.com (prv-mail20.provo.novell.com [137.65.81.122]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id SAA12191 for ; Wed, 20 Sep 2000 18:29:22 -0700 (PDT) Received: from INET-PRV-Message_Server by prv-mail20.provo.novell.com with Novell_GroupWise; Wed, 20 Sep 2000 19:29:43 -0600 Message-Id: X-Mailer: Novell GroupWise Internet Agent 5.5.4.1 Date: Wed, 20 Sep 2000 19:29:47 -0600 From: "Hilarie Orman" To: Subject: Workshop presentations on website Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id SAA12192 Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: The presentations from the September 13 workshop are available via http://www.extproxy.org. Hilarie From owner-ietf-openproxy Fri Sep 22 05:55:43 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id FAA02094 for ietf-openproxy-bks; Fri, 22 Sep 2000 05:55:43 -0700 (PDT) Received: from localhost.localdomain ([216.73.149.66]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id FAA02090 for ; Fri, 22 Sep 2000 05:55:41 -0700 (PDT) Received: (from mcmanus@localhost) by localhost.localdomain (8.9.3/8.8.7) id TAA00798; Thu, 21 Sep 2000 19:40:31 -0400 Date: Thu, 21 Sep 2000 19:39:16 -0400 From: Patrick McManus To: Mark Nottingham Cc: WREC Working Group , ietf-openproxy@imc.org Subject: Re: End to End thoughts [long] Message-ID: <20000921193916.A791@appliedtheory.com> Reply-To: mcmanus@appliedtheory.com References: <20000918201408.D2609@mnot.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <20000918201408.D2609@mnot.net>; from mnot@mnot.net on Mon, Sep 18, 2000 at 08:14:08PM -0700 Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: [Mark Nottingham: Mon, Sep 18, 2000 at 08:14:08PM -0700] > It's interesting that Web caching seems to be losing ground to CDNs > so rapidly; to me, this illustrates the point perfectly. Web caching > was always performed in the interest of the access provider, not the > content provider (or arguably even the user). As a result, content > providers don't trust Web caches. I think your conclusion doesn't go far enough. I completely agree that caching is moving from a information consumer to information provider driven model, but I think this is because of both a lack of trust on the part of the information provider (as you assert) and a desire to see more thorough deployments. Information consumers, in many situations, didn't have sufficient motivation to deploy the infrastructure that the providers do and this limited the breadth of installations. CDN as an extension of hosting has really come, and I suspect will be with us for a while.. it makes interesting economic models available as choices.. (can I go with a bargain basement origin hosting facility if I have a decent CDN? Probably depends on your content..) -P From owner-ietf-openproxy Fri Sep 22 11:06:33 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id LAA12878 for ietf-openproxy-bks; Fri, 22 Sep 2000 11:06:33 -0700 (PDT) Received: from prv-mail20.provo.novell.com (prv-mail20.provo.novell.com [137.65.81.122]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id LAA12874 for ; Fri, 22 Sep 2000 11:06:32 -0700 (PDT) Received: from INET-PRV-Message_Server by prv-mail20.provo.novell.com with Novell_GroupWise; Fri, 22 Sep 2000 12:08:57 -0600 Message-Id: X-Mailer: Novell GroupWise Internet Agent 5.5.3.1 Date: Fri, 22 Sep 2000 12:08:53 -0600 From: "Hilarie Orman" To: , Cc: , Subject: Re: End to End thoughts [long] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id LAA12875 Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Choosing a deployment method depends on the cost of the bandwidth. It comes down to a minimization problem. That's the original motivation for caching/replication and will always be a critical part of Internet scalability. It's interesting to compare this to the evolution of distribution of other forms of content, historically. New technology rolls through the same set of economic forces as the old. An important question that Andrew Odlyzko of ATT Research has been noting for some time, is that historically there is a greater economic incentive for person-person communication that for content distribution, and therefore, it may be more important to engineer infrastructure for the former rather than the latter. Hilarie >>> Patrick McManus 09/21/00 05:39PM >>> [Mark Nottingham: Mon, Sep 18, 2000 at 08:14:08PM -0700] > It's interesting that Web caching seems to be losing ground to CDNs > so rapidly; to me, this illustrates the point perfectly. Web caching > was always performed in the interest of the access provider, not the > content provider (or arguably even the user). As a result, content > providers don't trust Web caches. I think your conclusion doesn't go far enough. I completely agree that caching is moving from a information consumer to information provider driven model, but I think this is because of both a lack of trust on the part of the information provider (as you assert) and a desire to see more thorough deployments. Information consumers, in many situations, didn't have sufficient motivation to deploy the infrastructure that the providers do and this limited the breadth of installations. CDN as an extension of hosting has really come, and I suspect will be with us for a while.. it makes interesting economic models available as choices.. (can I go with a bargain basement origin hosting facility if I have a decent CDN? Probably depends on your content..) -P From owner-ietf-openproxy Mon Sep 25 15:51:30 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id PAA26107 for ietf-openproxy-bks; Mon, 25 Sep 2000 15:51:30 -0700 (PDT) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id PAA26102 for ; Mon, 25 Sep 2000 15:51:28 -0700 (PDT) Received: from sunmail1.Sun.COM ([129.145.1.2]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id PAA06819 for ; Mon, 25 Sep 2000 15:54:42 -0700 (PDT) Received: from jurassic.eng.sun.com (jurassic.Eng.Sun.COM [129.146.82.166]) by sunmail1.Sun.COM (8.9.1b+Sun/8.9.1/ENSMAIL,v1.6.1-sunmail1) with ESMTP id PAA24773 for ; Mon, 25 Sep 2000 15:54:42 -0700 (PDT) Received: from viper (viper.Eng.Sun.COM [129.146.88.132]) by jurassic.eng.sun.com (8.11.1.Beta1+Sun/8.11.1.Beta1) with SMTP id e8PMsfe938374 for ; Mon, 25 Sep 2000 15:54:41 -0700 (PDT) Message-Id: <200009252254.e8PMsfe938374@jurassic.eng.sun.com> Date: Mon, 25 Sep 2000 15:55:30 -0700 (PDT) From: Michael Condry Reply-To: Michael Condry Subject: EPSFW Web site updates To: ietf-openproxy@imc.org MIME-Version: 1.0 Content-Type: TEXT/plain; charset=us-ascii Content-MD5: /SpYpSY9VE/6SEq7S7Y8bg== X-Mailer: dtmail 1.3.0 @(#)CDE Version 1.4 SunOS 5.8 sun4u sparc Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: ALL- Hilarie has updated the web site. If your presentation is missing then get it to me. Others, comments? Michael From owner-ietf-openproxy Wed Sep 27 09:45:31 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id JAA01510 for ietf-openproxy-bks; Wed, 27 Sep 2000 09:45:31 -0700 (PDT) Received: from 1-132.mnot.net (adsl-63-201-242-106.dsl.snfc21.pacbell.net [63.201.242.106]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id JAA01506 for ; Wed, 27 Sep 2000 09:45:30 -0700 (PDT) Received: by 1-132.mnot.net (Postfix, from userid 500) id 616EB6601; Wed, 27 Sep 2000 09:48:39 -0700 (PDT) Date: Wed, 27 Sep 2000 09:48:39 -0700 From: Mark Nottingham To: WREC Working Group , ietf-openproxy@imc.org Subject: [Internet-Drafts@ietf.org: I-D ACTION:draft-nottingham-cache-extensions-00.txt] Message-ID: <20000927094837.A1064@mnot.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: This is a draft of something I helped cook up at my previous job, with a cache vendor. Some people have been asking for this type of functionality recently, so here it is (much delayed). Cheers, ----- Forwarded message from Internet-Drafts@ietf.org ----- Date: Wed, 27 Sep 2000 06:31:15 -0400 From: Internet-Drafts@ietf.org Reply-To: Internet-Drafts@ietf.org To: IETF-Announce: ; Subject: I-D ACTION:draft-nottingham-cache-extensions-00.txt A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : HTTP Cache Control Extensions for Direct Cache Manipulation Author(s) : M. Nottingham Filename : draft-nottingham-cache-extensions-00.txt Pages : 5 Date : 25-Sep-00 HTTP/1.1 provides for extensions to Cache-Control headers, which provide new methods of controlling caches. This document specifies extensions which allow content providers more precise control over shared caches. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-nottingham-cache-extensions-00.txt Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-nottingham-cache-extensions-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-nottingham-cache-extensions-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. ----- End forwarded message ----- -- Mark Nottingham http://www.mnot.net/ From owner-ietf-openproxy Thu Oct 5 12:30:57 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id MAA09287 for ietf-openproxy-bks; Thu, 5 Oct 2000 12:30:57 -0700 (PDT) Received: from prv-mail20.provo.novell.com (prv-mail20.provo.novell.com [137.65.81.122]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id MAA09283 for ; Thu, 5 Oct 2000 12:30:55 -0700 (PDT) Received: from INET-PRV-Message_Server by prv-mail20.provo.novell.com with Novell_GroupWise; Thu, 05 Oct 2000 13:34:26 -0600 Message-Id: X-Mailer: Novell GroupWise Internet Agent 5.5.3.1 Date: Thu, 05 Oct 2000 13:34:13 -0600 From: "Hilarie Orman" To: Subject: Agenda for IETF San Diego EPSFW meeting Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id MAA09284 Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: We need to assemble an agenda for our meeting at the next IETF. Please send me your presentation title and the amount of time you'll need. We'd like to hear about prototyping efforts, use cases, proxylet languages, ICAP implementations, authentication and authorization, identity definitions, etc. Hilarie From owner-ietf-openproxy Thu Oct 19 11:34:56 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id LAA07365 for ietf-openproxy-bks; Thu, 19 Oct 2000 11:34:56 -0700 (PDT) Received: from akamai.com (akafire-exodus.akamai.com [64.14.77.2]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id LAA07361 for ; Thu, 19 Oct 2000 11:34:54 -0700 (PDT) Received: from akamai.com (vwall1.kendall.akamai.com [172.24.40.125]) by akamai.com (8.10.1/8.10.1) with ESMTP id e9JIdjC11585 for ; Thu, 19 Oct 2000 14:39:45 -0400 (EDT) Received: from ssh-gw.sanmateo.akamai.com (IDENT:root@ssh-gw.sanmateo.akamai.com [172.23.1.53]) by akamai.com (8.10.1/8.10.1) with ESMTP id e9JIdGb11408 for ; Thu, 19 Oct 2000 14:39:26 -0400 (EDT) Received: (from mnot@localhost) by ssh-gw.sanmateo.akamai.com (8.9.3/8.9.3) id LAA25691 for ietf-openproxy@imc.org; Thu, 19 Oct 2000 11:37:16 -0700 Date: Thu, 19 Oct 2000 11:37:16 -0700 From: Mark Nottingham To: ietf-openproxy@imc.org Subject: Charter? Message-ID: <20001019113715.C25550@akamai.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: I've seen a new name for this group floating around, but no references to how that came about... just curious, what's the story? Also, does (whatever this effort is now ;) have a proposed charter for the BOF? Cheers, -- Mark Nottingham, Research Scientist Akamai Technologies (San Mateo, CA) From owner-ietf-openproxy Thu Oct 19 12:02:25 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id MAA08392 for ietf-openproxy-bks; Thu, 19 Oct 2000 12:02:25 -0700 (PDT) Received: from prv-mail20.provo.novell.com (prv-mail20.provo.novell.com [137.65.81.122]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id MAA08388 for ; Thu, 19 Oct 2000 12:02:24 -0700 (PDT) Received: from INET-PRV-Message_Server by prv-mail20.provo.novell.com with Novell_GroupWise; Thu, 19 Oct 2000 13:07:06 -0600 Message-Id: X-Mailer: Novell GroupWise Internet Agent 5.5.5.1 Date: Thu, 19 Oct 2000 13:06:54 -0600 From: "Hilarie Orman" To: , Subject: Re: Charter? Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ns.secondary.com id MAA08389 Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: I am acronym facile; the IETF call for working groups required an acronym, and Open Extensible Proxy Services has an acceptable acronym that is the weighted average of all names that have been used for this group. So, I used it; consistency, you know, is the hobgoblin of little minds. Of course, the charter should be a product of the first BOF or WG meeting, but this is what I've submitted as a placeholder: The proxy services area defines protocols and API's that enable proxies extend their services beyond protocol relays and caching. The working group will develop documents defining the architecture, policy model and elements, and terminology. Protocols for delivering new services and policies related to their execution will be defined and developed. Other protocols, allowing the services to communicate information about the protocol elements of the proxied protocol, will be developed. A security architecture for the administration of proxies with third party services will be defined. The API to core services, such as protocol control and use, will be defined. Hilarie From owner-ietf-openproxy Mon Oct 23 12:59:42 2000 Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id MAA22840 for ietf-openproxy-bks; Mon, 23 Oct 2000 12:59:42 -0700 (PDT) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id MAA22836 for ; Mon, 23 Oct 2000 12:59:41 -0700 (PDT) Received: from sunmail1.Sun.COM ([129.145.1.2]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id NAA03485; Mon, 23 Oct 2000 13:04:54 -0700 (PDT) Received: from jurassic.eng.sun.com (jurassic.Eng.Sun.COM [129.146.84.31]) by sunmail1.Sun.COM (8.9.1b+Sun/8.9.1/ENSMAIL,v1.6.1-sunmail1) with ESMTP id NAA17201; Mon, 23 Oct 2000 13:04:53 -0700 (PDT) Received: from viper (viper.Eng.Sun.COM [129.146.88.132]) by jurassic.eng.sun.com (8.11.1+Sun/8.11.1) with SMTP id e9NK4qf903332; Mon, 23 Oct 2000 13:04:52 -0700 (PDT) Message-Id: <200010232004.e9NK4qf903332@jurassic.eng.sun.com> Date: Mon, 23 Oct 2000 13:05:45 -0700 (PDT) From: Michael Condry Reply-To: Michael Condry Subject: update for a 49th IETF WG/BOF Scheduling request To: paf@cisco.com, Ned.Freed@west.sun.com, agenda@ietf.org Cc: ietf-openproxy@imc.org, dinaras@ietf.org, marcia@ietf.org MIME-Version: 1.0 Content-Type: TEXT/plain; charset=us-ascii Content-MD5: oDoXxMMSCB0Ceeu+z7OiMw== X-Mailer: dtmail 1.3.0 @(#)CDE Version 1.4 SunOS 5.8 sun4u sparc Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: This is an update of an Working Group request sent earlier on October 8th: This is an updated request for a new working group meeting at the 49th IETF. The group is Open and Extensible Proxy Services, OEPS, in the applications area. There is a draft, draft-tomlinson-epsfw-00.txt, describing the architecture of the proxy services environment, an open mailing list, ietf-openproxy@imc.org, a website, www.extproxy.org, and the presentations at a technology workshop for this sort of architecture that was held on September 13 are at the website. The proposed agenda is Introduction: Hilarie Orman Use Cases: Marcus Hofmann and Michael Condry Workshop Summary: Michael Condry Revelant ICAP Progress: TBD Relationship to CDN Peering: Mark Day Document Roadmap: Hilarie Orman Architecture Discussion Discussion of other documents Assignments and Administrivia The proxy services area defines protocols and API's that enable proxies extend their services beyond protocol relays and caching. The working group will develop documents defining the architecture, policy model and elements, and terminology. The working group will also work with other working groups where that can apply this architecture to resolve problems in under their charter. The kinds of services where the architecture can be applied include: - Proxy functions such as URL accounting, and transcoding from a general HTML or XML description into one suitable for the user agent. - Callout services such as iCAP. - Content driven caching services such as for streaming. - Content driven network management. - Embedded systems director. Protocols for delivering new services and policies related to their execution will be defined and developed. Other protocols, allowing the services to communicate information about the protocol elements of the proxied protocol, will be developed. Cross working group problem areas, such as caching, will focus on the proxy architecture cooperating with the appropriate working group - such as WREC for caching. A security architecture for the administration of proxies with third party services will be defined. The API to core services, such as protocol control and use, will be defined. This group may also be a suitable home for starting organization of callout services. Our proxy architecture will be consistent the needs of the CDN Peering effort. We will have formal liaisons with WREC, CDN, or other appropriate working groups. We expect attendance of 50 people; we would like to avoid conflict with any WREC or CDN Peering WG's or the IPSP WG. Hilarie Orman and Michael Condry, Chairs From owner-ietf-openproxy Tue Oct 24 13:50:48 2000 Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id NAA14153 for ietf-openproxy-bks; Tue, 24 Oct 2000 13:50:48 -0700 (PDT) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id NAA14148 for ; Tue, 24 Oct 2000 13:50:47 -0700 (PDT) Received: from sunmail1.Sun.COM ([129.145.1.2]) by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id NAA09745; Tue, 24 Oct 2000 13:56:14 -0700 (PDT) Received: from jurassic.eng.sun.com (jurassic.Eng.Sun.COM [129.146.81.144]) by sunmail1.Sun.COM (8.9.1b+Sun/8.9.1/ENSMAIL,v1.6.1-sunmail1) with ESMTP id NAA20585; Tue, 24 Oct 2000 13:55:35 -0700 (PDT) Received: from viper (viper.Eng.Sun.COM [129.146.88.132]) by jurassic.eng.sun.com (8.11.1+Sun/8.11.1) with SMTP id e9OKtXf178060; Tue, 24 Oct 2000 13:55:34 -0700 (PDT) Message-Id: <200010242055.e9OKtXf178060@jurassic.eng.sun.com> Date: Tue, 24 Oct 2000 13:56:27 -0700 (PDT) From: Michael Condry Reply-To: Michael Condry Subject: BCD Forum meeting To: ietf-openproxy@imc.org Cc: wrec@cs.utk.edu, cdn@ops.ietf.org, paf@cisco.com MIME-Version: 1.0 Content-Type: TEXT/plain; charset=us-ascii Content-MD5: SN8nOtNspTNOvuKo+HUcVw== X-Mailer: dtmail 1.3.0 @(#)CDE Version 1.4 SunOS 5.8 sun4u sparc Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: The BCDF (Broadband Content Delivery Forum) charter is to determine the requirements needed for broadband content delivery. Examining the issues concerning content delivery is coming up a critical area of interest for the Internet folks because of the heading "merger" of network technologies: IP, Cable, Voice, etc. The big content owners, CNN, CBS, NBC, ABC, Time-Warner, etc. are highly concerned with this area including - finding content - how to locate it - delivery of content - receiving "well presented" content - billing - assuring that the content taker is billed (both billing and security). The BCDF was created by Nortel but has since the start restructured itself as an industry consortium focused on broadband issues. The membership is strongly represented by the Telco areas. Projects are partitioned into three areas, called working groups: 1. Market Development - focused on BCDF (broadband) market development issues. 2. Content and Applications - working with the Content groups to assure requirements are met. 3. Infrastructure - defining the requirements for the infrastructure. There are many similarities with the Content Alliance and Content Bridge. All groups seem to be strongly represented by the infrastructure guys and weekly represented by the actual content owners. The Content Alliance is creating the CDN working group at the IETF. My experience and BCDF was with the general forums and infrastructure groups. Although some members were in the "lets invent it here" mode most agreed that listing the requirements and submitting them to the IETF would be the most productive. They also agreed that having the BCDF spend most of its energy working with the content providers to obtain requirements would be the most productive (certainly more than trying to create a different but similar set of specifications to the IETF CNF group). We agreed to get the Content and Applications folks focused on that and attempt to enumerate the broadband requirements for the concerns listed above (location, delivery, billing). I presented the open proxy services architecture and how it might be employed in solving some of their broadband issues. The infrastructure folks felt that the open proxy services model was exactly the kind of infrastructure needed for services in a merged networked technologies environment. They plan to support this for the upcoming IETF. I also gave them a brief overview of the IETF and suggested a plan for submitting requirements there (rather than any self invention). In my opinion they are still too technology focused and not sufficiently strong in understanding the operational rules of the "content "owners. This group has the benefit of beliving that it would be better to let the IETF sort out the technical issues. From owner-ietf-openproxy Wed Nov 1 12:30:09 2000 Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id MAA09720 for ietf-openproxy-bks; Wed, 1 Nov 2000 12:30:09 -0800 (PST) Received: from lukla.Sun.COM (lukla.Sun.COM [192.18.98.31]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id MAA09709 for ; Wed, 1 Nov 2000 12:30:04 -0800 (PST) Received: from centralmail1.Central.Sun.COM ([129.147.62.10]) by lukla.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id NAA02314 for ; Wed, 1 Nov 2000 13:36:19 -0700 (MST) Received: from esun1as-mm. (esun1as-mm.Central.Sun.COM [129.147.34.144]) by centralmail1.Central.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v1.7) with SMTP id NAA05023 for ; Wed, 1 Nov 2000 13:36:18 -0700 (MST) Received: from condry.org by esun1as-mm. (SMI-8.6/SMI-SVR4) id NAA08757; Wed, 1 Nov 2000 13:46:54 -0700 Message-ID: <3A007DA5.FAABCA51@condry.org> Date: Wed, 01 Nov 2000 12:31:33 -0800 From: "Michael W. Condry" X-Mailer: Mozilla 4.73 [en] (Win98; U) X-Accept-Language: en,pdf,zh,zh-CN MIME-Version: 1.0 To: openproxy Subject: Updated OPES charter Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Open Proxy Extended Services architecture (opes) Co-chairs: Michael Condry Hilarie Orman Mailing Lists: [TENTATIVE] General Discussion: ietf-openproxy@imc.org To Subscribe: ietf-openproxy-request@imc.org Web: http://www.extproxy.org Archive: ftp://ftp.ietf.org/ietf-mail-archive/opes Description of Working Group: The Open Proxy Extensible Services architecture (OPES) enables construction of services "inside the network"; these can be used by content providers for efficient caching, content administration, communication, and network control functions. Other users of the services include third-party content-related services such as transcoders, regional affiliates, etc. The open proxy extensible services architecture focuses on situations with intermediate network elements providing the locus of control and execution of the service function. The proxy services are content directed: thus, the proxy understands at least some of the content semantics and provides a service platform that operates within the content flow. For example, it provides an opportunity to instruct the cache that certain types of data are cacheable. The OPES WG will work with WEBI/WREC group to define or follow specifications for communication between the web cache sub-system and proxies to take advantage of this information in creating a strategy for caching and proxying that is more efficient than being "content ignorant". The OPES WG will develop protocols for the proxy server to provide "callout" services (e.g. iCAP, the content adaptation protocol) and provide a forum for iCAP to submit and discuss its specifications. The callout server may create copies of web pages, possibly in a different form, e.g. a different natural language. Open Proxy protocols will have the ability to communicate cache and proxy specific information with surrogates and/or origin servers, for example, in order to inform the origin that it has two representations of the same content. There are points of interoperation required with Content Distribution Networks, for example, in exchanging accounting related information. Content Distribution Networks are the primary subject of the CDNP group. After the initial protocols have been specified, the open proxy extensible services group also will develop protocols to facilitate routing traffic within cache system (specified by WEBI/WREC) along alternate paths to minimize time or cost. Goals and Milestones: Feb 01: Requirements and roadmap documents for WG Feb 01: First draft callout protocol; first draft information model Mar 01: Meet at Minneapolis IETF Mar 01: Update of OPES architecture document, draft-tomlinson-epsfw-00.txt. Jun 01: Submission of security and authentication architecture Aug 01: Meet at London IETF Aug 01: Final submission of callout protocol; final submission of information model Oct 01: Submission of data model for service description, invocation, results Dec 01: Salt Lake City IETF, final submission of architecture document Agenda for December, San Diego Meeting Introduction: Hilarie Orman Use Cases: Marcus Hofmann Workshop Summary: Michael Condry ICAP Progress: Mark Nottingham Relationship to CDN Peering: Mark Day Document Roadmap: Hilarie Orman Charter Bashing: Michael Condry Architecture Requirements Discussion: Hilarie Orman Discussion of other documents Assignments and Administrivia From owner-ietf-openproxy Wed Nov 1 12:35:59 2000 Received: by ns.secondary.com (8.9.3/8.9.3) id MAA09949 for ietf-openproxy-bks; Wed, 1 Nov 2000 12:35:59 -0800 (PST) Received: from lukla.Sun.COM (lukla.Sun.COM [192.18.98.31]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id MAA09945 for ; Wed, 1 Nov 2000 12:35:58 -0800 (PST) Received: from centralmail1.Central.Sun.COM ([129.147.62.10]) by lukla.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id NAA05953; Wed, 1 Nov 2000 13:42:14 -0700 (MST) Received: from esun1as-mm. (esun1as-mm.Central.Sun.COM [129.147.34.144]) by centralmail1.Central.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v1.7) with SMTP id NAA06615; Wed, 1 Nov 2000 13:41:42 -0700 (MST) Received: from condry.org by esun1as-mm. (SMI-8.6/SMI-SVR4) id NAA08822; Wed, 1 Nov 2000 13:52:17 -0700 Message-ID: <3A007EE9.CE9316EA@condry.org> Date: Wed, 01 Nov 2000 12:36:57 -0800 From: "Michael W. Condry" X-Mailer: Mozilla 4.73 [en] (Win98; U) X-Accept-Language: en,pdf,zh,zh-CN MIME-Version: 1.0 To: openproxy , iCAP , CDNP Subject: Changes Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: As of Monday (Nov 6th) my contact information changes. However, my focus of attention with these groups continues. My new data is: Michael Condry Director of Internet Strategy Intel Labs Intel Corporation 2111 NE 25th Avenue M/S JF3-206 Hillsboro, OR 97124 503-264-9019 condry@intel.com condry@condry.org From owner-ietf-openproxy Wed Nov 1 13:29:46 2000 Received: (from majordomo@localhost) by ns.secondary.com (8.9.3/8.9.3) id NAA10977 for ietf-openproxy-bks; Wed, 1 Nov 2000 13:29:46 -0800 (PST) Received: from web1502.mail.yahoo.com (web1502.mail.yahoo.com [128.11.23.180]) by ns.secondary.com (8.9.3/8.9.3) with SMTP id NAA10973 for ; Wed, 1 Nov 2000 13:29:44 -0800 (PST) Received: (qmail 18590 invoked by uid 60001); 1 Nov 2000 21:36:06 -0000 Message-ID: <20001101213606.18589.qmail@web1502.mail.yahoo.com> Received: from [192.32.225.117] by web1502.mail.yahoo.com; Wed, 01 Nov 2000 13:36:06 PST Date: Wed, 1 Nov 2000 13:36:06 -0800 (PST) From: Thomas Hardjono Subject: IETF49 Multicast Security (MSEC) BOF details To: ietf-openproxy@imc.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-ietf-openproxy@mail.imc.org Precedence: bulk List-Archive: