Re: [Captive-portals] CAPPORT support in iOS 14 and macOS Big Sur betas

Tommy Pauly <> Tue, 07 July 2020 20:18 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 26EF63A0A3E for <>; Tue, 7 Jul 2020 13:18:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id e53JFudTurMi for <>; Tue, 7 Jul 2020 13:18:56 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 106313A0A30 for <>; Tue, 7 Jul 2020 13:18:55 -0700 (PDT)
Received: from pps.filterd ( []) by ( with SMTP id 067K9EwX039872; Tue, 7 Jul 2020 13:18:48 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; h=content-type : mime-version : subject : from : in-reply-to : date : cc : content-transfer-encoding : message-id : references : to; s=20180706; bh=oGZm/W+zR3W9SImf7AdZeq48PX58UpoH81qlvPb3eTk=; b=VmNOUtgNWWqWfu9Di5mVjqvMgI+x/vAW8Zd8bM3nXd4JGVAb9IYuyer4zgMXd5T875gd y99h1MHzPmsyjj3+KsXe6GbjiZ3owoLfvIAQamSIlEgOTl7b2ywnl95mkx17uXund69n 613xSOsyHso5KEvK2opTdSi025YtXbda67nJK/2ADGlFxesxct1ZTeevulcCSu3wmqh3 Cf+I9TxjnapIVM3RBNvD6G5mf5kIeacmK6sI1q4FWw10wduAbEoG2dj1Xs0yu3Wp1UQO X64WsJh0qfZcD+90H8vF3X2NtbMS9l3R3Ao0qp3WBf3e0LsDOHp2U78HjZUWWmjmh0EX 7g==
Received: from ( []) by with ESMTP id 322pet2xm3-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Tue, 07 Jul 2020 13:18:47 -0700
Received: from ( []) by (Oracle Communications Messaging Server 64bit (built Mar 12 2020)) with ESMTPS id <>; Tue, 07 Jul 2020 13:18:47 -0700 (PDT)
Received: from by (Oracle Communications Messaging Server 64bit (built Mar 12 2020)) id <>; Tue, 07 Jul 2020 13:18:47 -0700 (PDT)
X-Va-T-CD: e04a649d9275de32ef19932a7a33925b
X-Va-E-CD: 4578b196c2d4921fe4a8c9a59c41a29a
X-Va-R-CD: e06bf14963a3da9ed87a944966f976f1
X-Va-CD: 0
X-Va-ID: fd107ca2-a701-4298-8f56-dab4af844bed
X-V-T-CD: e04a649d9275de32ef19932a7a33925b
X-V-E-CD: 4578b196c2d4921fe4a8c9a59c41a29a
X-V-R-CD: e06bf14963a3da9ed87a944966f976f1
X-V-CD: 0
X-V-ID: 897b48bd-0e35-4a3e-b459-1f60859dde38
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-07-07_13:2020-07-07, 2020-07-07 signatures=0
Received: from [] (unknown []) by (Oracle Communications Messaging Server 64bit (built Mar 12 2020)) with ESMTPSA id <>; Tue, 07 Jul 2020 13:18:46 -0700 (PDT)
Content-type: text/plain; charset=utf-8
MIME-version: 1.0 (Mac OS X Mail 13.4 \(3608.\))
From: Tommy Pauly <>
In-reply-to: <>
Date: Tue, 07 Jul 2020 13:18:44 -0700
Cc: captive-portals <>
Content-transfer-encoding: quoted-printable
Message-id: <>
References: <> <>
To: Steve Haskew <>
X-Mailer: Apple Mail (2.3608.
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-07-07_13:2020-07-07, 2020-07-07 signatures=0
Archived-At: <>
Subject: Re: [Captive-portals] CAPPORT support in iOS 14 and macOS Big Sur betas
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of issues related to captive portals <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 07 Jul 2020 20:18:58 -0000

Hi Steve,

Glad you’re testing is going well so far.

> On Jul 7, 2020, at 6:03 AM, Steve Haskew <> wrote:
> Hi Tommy,
> I have now been doing some testing of our solution with iOS 14 and it has been fairly straightforward in getting it all working at a basic level!
> I have a couple of observations/queries:
> Just to confirm, are you not yet supporting any of the informational elements (venue info URL, seconds remaining etc) since you say the user experience is not changing? Despite setting these values I am not seeing any difference.

That’s expected. The iOS 14 beta doesn’t include any changes to the Wi-Fi settings. There are ways to check for the values being parsed in system logs if you want to confirm, however. 

> Secondly I have on a few occasions been directed by probe instead of via the API. I am working to replicate this with packet capture etc so that I can determine whether it’s variation in my setup or any kind of bug, but it is also likely just because I am repeatedly logging in and out and jumping on and off the network in question! Do you know what the criteria is (timeout values on the API request, any retries on the API request? etc.) for fallback to probe method?

If you can submit a feedback/bug with system logs attached when you see this behavior, we can look into it. There are various error heuristics for when we fail to receive a valid API connection. Likely we’re hitting one of those, but it would be good to confirm which.

> Thanks for your efforts in getting this implemented!

Thanks for implementing it too!

> Steve
>> On 22 Jun 2020, at 22:30, Tommy Pauly <> wrote:
>> Hello CAPPORT,
>> I wanted to highlight an announcement we’ve made for the betas of iOS and macOS released today:
>> How to modernize your captive network <>
>> The betas for iOS and macOS support both draft-ietf-capport-rfc7710bis and draft-ietf-capport-api by default. This doesn’t change the user experience of logging onto captive networks, but the system will request the DHCP options and handle the RA option, and will prefer using the Captive Portal API Server interaction over having a probe that is intercepted.
>> If you have a portal system that is already implementing the CAPPORT features, please test out these betas and let us know if you see any issues! And if you have a captive portal solution, we’d encourage you to start supporting this soon.
>> Best,
>> Tommy
> _______________________________________________
> Captive-portals mailing list