Re: [Captive-portals] Fwd: I-D Action: draft-ietf-capport-architecture-03.txt
David Bird <dbird@google.com> Thu, 03 January 2019 19:17 UTC
Return-Path: <dbird@google.com>
X-Original-To: captive-portals@ietfa.amsl.com
Delivered-To: captive-portals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D27C8131277 for <captive-portals@ietfa.amsl.com>; Thu, 3 Jan 2019 11:17:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.5
X-Spam-Level:
X-Spam-Status: No, score=-17.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 45_ib77ZHrNK for <captive-portals@ietfa.amsl.com>; Thu, 3 Jan 2019 11:17:17 -0800 (PST)
Received: from mail-io1-xd2b.google.com (mail-io1-xd2b.google.com [IPv6:2607:f8b0:4864:20::d2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 59F88131278 for <captive-portals@ietf.org>; Thu, 3 Jan 2019 11:17:17 -0800 (PST)
Received: by mail-io1-xd2b.google.com with SMTP id s22so27828889ioc.8 for <captive-portals@ietf.org>; Thu, 03 Jan 2019 11:17:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=cn8GCeXfZYSsH/hJ0LKyl9Oi89tmGt8bPXk9IUxeWVc=; b=I7YVxl1c5HfALqPhwOGLGOT/3kyb+xBuTafJfErki2afVBVlcbS8K1Y+qJuC5B3oOE p5XpEdW0FnQCHBhkFmQrooCfqZhCFce2VYH2X6B598SfoJT9Z7sOX70mZYdU/NdBWGpC 2ySUEtqUJTDSPSXXcqQTRJawQ9hqmx3dAz754TCAW7Ye9bROhL8OGBkj3CFE3xS9Qxlc AxKdcpGVXkYNn9dwujqo5vyYkeV8sFBGZ1OSDl4Z0nGUkLWRkagc3cCjHFU8IAd3ppTc wFRrSDNUSQe1luENzwu95FQpfPqR9G0ioUp2uOw2mPMkPUYaF+ehEjAQ1QxY7UoauqHF Xl/A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=cn8GCeXfZYSsH/hJ0LKyl9Oi89tmGt8bPXk9IUxeWVc=; b=X+RlSqHQJGKUNB6GSSTAbJx456sQcNAu6mhMUhtvFS7L84p5AUstt+OcXY50XLouGN DkCFPsthgbf+a5mHk6bbVCwDUzORUgJsDdMLS62iHHIwUvWBWTn+50s9itQ68V6K+Okj jRZAxq+x21QAM6wjR4XnmI4Tp/B4mWFFy8xbZEGBXmjzS1fAp1pl0/+HFl96ZfbHfwH9 BTTsp2jVr3Dyqf232NYc2WChdRpWZxTEkkdrf9HeJuqRIboO+QAl7L04FfdplB+dJPoa dln+hw8bP69UABcSwywm87FgqJ0DRNace4m/J9xZHULRp5SRIPyWsujAEOWdkqvd7g8/ Avwg==
X-Gm-Message-State: AJcUukduHYqGBW0zmABTxiH7JAlxWZVD7+0IDZGCQPK9NFzgHz+YoiRl 5Q+XcmpdiMeB7TjJZhqpkYSkZEUG45X1CTQfaQg2xA==
X-Google-Smtp-Source: ALg8bN4fsafXypMBSEyxVbc5m0BNfpBTDLhq/BuPqJ/XMvqM6rGr7WY8iZll6ZpDCRLLpyVUW2UjrXRxaEJMT0oCsr4=
X-Received: by 2002:a6b:b902:: with SMTP id j2mr34489079iof.220.1546543036248; Thu, 03 Jan 2019 11:17:16 -0800 (PST)
MIME-Version: 1.0
References: <154593193395.11930.16738431366515870255@ietfa.amsl.com> <CACuvLgwCSB13U6rXGLTwpQ-riT+7fi_HyKLD2FjzDexA4u0Rkg@mail.gmail.com> <CADo9JyWAFvBiBqb5oA-vGED1Cpo8F37GzAQhke_=E1ZpJrWdSQ@mail.gmail.com> <CACuvLgyDcZ4oMws5YNtPtu1BiLPdbB0B7=JY5mof=N3wuYXJLg@mail.gmail.com>
In-Reply-To: <CACuvLgyDcZ4oMws5YNtPtu1BiLPdbB0B7=JY5mof=N3wuYXJLg@mail.gmail.com>
From: David Bird <dbird@google.com>
Date: Thu, 03 Jan 2019 11:17:04 -0800
Message-ID: <CADo9JyWgeDpy3hVk=ofW+D0LZb0A4OxeW-hyA=ofKDxz=-y+bQ@mail.gmail.com>
To: Kyle Larose <kyle@agilicus.com>
Cc: captive-portals@ietf.org
Content-Type: multipart/alternative; boundary="0000000000004eb467057e929c67"
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/55Ql44e2O3stm-_TRb2XeSE6KTo>
Subject: Re: [Captive-portals] Fwd: I-D Action: draft-ietf-capport-architecture-03.txt
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Jan 2019 19:17:21 -0000
See inline On Wed, Jan 2, 2019 at 10:48 AM Kyle Larose <kyle@agilicus.com> wrote: > > On Thu, 27 Dec 2018 at 14:14, David Bird <dbird@google.com> wrote: > > > > The section titled "Risk of Nuisance Captive Portal" should really be talking about networks that USE the API and have NO network integration (e.g. Captive by API only, not by any network enforcement function). > > > > I think the nuisance captive portal SIGNALS are a legitimate concern. > However, you raise a good point: we can't entirely trust the API -- it > may become decoupled from the network for many reasons: an attack, a > bug, misconfiguration, etc. > > So, now we're talking about the risk of a nuisance API as well as > nuisance signals. I think we had been calling this a non-issue because > UE discovers the API from somewhat trusted sources -- DHCP/RA,PvD. > But, let's assume that the API is a bad actor for some reason -- > discovery was compromised, the API itself was compromised, or it's > just plain broken. > Indeed, there are many, many reasons why the API might be "wrong". I'd add that some networks will just slap together an API (or more likely find one on the Internet) and make a simple DHCP server configuration change -- and without any additional infrastructure costs, POOF ... they have a 'modern day captive portal' according to the IETF. Additionally, even when things are "working" the question is also "how well" ... how fresh is the data in the API server? does it cover all types of authentication (local, AAA, roaming, etc)? what happens when the queries per second on the API server makes it crash ? Below is a lot of new heuristics for a new service that was suppose to make captive portal discovery / notification easier ! > > Thinking about that case, you could have: > > 1. The API says that you have access when you don't. > 2. The API says that you have access when you do. > 3. The API says that you don't have access when you do. > 4. The API says that you don't have access when you don't. > > We don't need to worry about 2, since things should just work. For 4, > it could be a problem in that the portal will never really grant > access... I discuss that a bit further down. > > In case 1. the system will try to access the network and fail. Barring > probe functionality, this means that the system will simply fail to > attach to the network properly. There's no good solution without user > intervention. With probes, I think it works out naturally -- the > system will work as it does today. But, without probes, I can't think > of a nice solution.This is a concern that has been raised in the past > (I think by you, David), since it means that we will still need probes > for a "nice experience". > > In case 3. the UE will attempt to visit the portal. I can think of a > few sub-cases here: > a) The URI of the portal is bad/non-existent > b) The URI is present, works and the portal says you have access > c) The URI is present, works and the portal refuses to grant access. > > b) is easy: the UE proceeds with its connection and everything works. > > We need to consider a) a bit, since it's a fairly likely failure mode. > I think it's probably safe to assume that, barring probes, network > access is unavailable on this network, and the system should treat it > as such. > c) I think this should probably behave the same as a), though it's a > bit nicer in that the user has actual feedback. > > It's a little unfortunate that with a) and c), the UE should have > network access, but the user thinks they do not. What if they know > that they should for some reason? Perhaps the recommendation should be > to treat it as though network access is unavailable, barring explicit > direction from the user to use the network, or confirmation that > network access is available through probes. > > Case 4 can likely be handled in a similar way to case 3 -- you never > get access, so the user either chooses a different network, or > overrides the system's default, which then proves to them that the > network does not provide access. > > > > Happy Holidays! > > > > Cheers, > > David > > > >
- [Captive-portals] I-D Action: draft-ietf-capport-… internet-drafts
- [Captive-portals] Fwd: I-D Action: draft-ietf-cap… Kyle Larose
- Re: [Captive-portals] Fwd: I-D Action: draft-ietf… David Bird
- Re: [Captive-portals] Fwd: I-D Action: draft-ietf… Martin Thomson
- Re: [Captive-portals] Fwd: I-D Action: draft-ietf… Martin Thomson
- Re: [Captive-portals] Fwd: I-D Action: draft-ietf… Nicolas Mailhot
- Re: [Captive-portals] Fwd: I-D Action: draft-ietf… David Bird
- Re: [Captive-portals] Fwd: I-D Action: draft-ietf… Nicolas Mailhot
- Re: [Captive-portals] Fwd: I-D Action: draft-ietf… Kyle Larose
- Re: [Captive-portals] Fwd: I-D Action: draft-ietf… David Bird