[Captive-portals] Martin Duke's Discuss on draft-ietf-capport-api-07: (with DISCUSS and COMMENT)
Martin Duke via Datatracker <noreply@ietf.org> Sat, 06 June 2020 21:49 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: captive-portals@ietf.org
Delivered-To: captive-portals@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 36EBB3A0D85; Sat, 6 Jun 2020 14:49:19 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Martin Duke via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-capport-api@ietf.org, capport-chairs@ietf.org, captive-portals@ietf.org, Martin Thomson <mt@lowentropy.net>, mt@lowentropy.net
X-Test-IDTracker: no
X-IETF-IDTracker: 7.1.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Martin Duke <martin.h.duke@gmail.com>
Message-ID: <159148015875.11480.2779938750447142779@ietfa.amsl.com>
Date: Sat, 06 Jun 2020 14:49:19 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/3Zfwt92E98NxRmsTvGe5l7DuLNY>
Subject: [Captive-portals] Martin Duke's Discuss on draft-ietf-capport-api-07: (with DISCUSS and COMMENT)
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Jun 2020 21:49:19 -0000
Martin Duke has entered the following ballot position for draft-ietf-capport-api-07: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-capport-api/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Unless I am misinterpreting the language here, there is a disconnect between this document and the architecture document. Sec 2.3 of -architecture says: At minimum, the API MUST provide: (1) the state of captivity and (2) a URI for the Captive Portal Server. But in section 5 user-portal-url is an optional field. Is -architecture actually levying a requirement on the api spec, or the api server? I am also confused by this sentence at the end of section 4.1 about failed authentication: “It may still be possible for the user to access the network by being redirected to a web portal.” Who is doing the redirecting here? If authentication has failed, how is this redirect authenticated and secure against theft of credentials? ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- This document is otherwise clearly written. Thanks. As I said in the architecture review, the term for the user portal keeps changing. Over there it’s called a “Captive Portal Server” and a “web portal server”. Here it’s a “user-portal.” One nit: s/extenal/external
- [Captive-portals] Martin Duke's Discuss on draft-… Martin Duke via Datatracker
- Re: [Captive-portals] Martin Duke's Discuss on dr… Tommy Pauly
- Re: [Captive-portals] Martin Duke's Discuss on dr… Martin Duke
- Re: [Captive-portals] Martin Duke's Discuss on dr… Erik Kline
- Re: [Captive-portals] Martin Duke's Discuss on dr… Kyle Larose
- Re: [Captive-portals] Martin Duke's Discuss on dr… Martin Thomson