Re: [Captive-portals] Review of draft-ietf-capport-api-02
Darshak Thakore <d.thakore@cablelabs.com> Tue, 26 March 2019 23:04 UTC
Return-Path: <d.thakore@cablelabs.com>
X-Original-To: captive-portals@ietfa.amsl.com
Delivered-To: captive-portals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6AA8120005 for <captive-portals@ietfa.amsl.com>; Tue, 26 Mar 2019 16:04:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cablelabs.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lwj64wWJxgmm for <captive-portals@ietfa.amsl.com>; Tue, 26 Mar 2019 16:04:56 -0700 (PDT)
Received: from NAM04-SN1-obe.outbound.protection.outlook.com (mail-eopbgr700104.outbound.protection.outlook.com [40.107.70.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AD6C412011B for <captive-portals@ietf.org>; Tue, 26 Mar 2019 16:04:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cablelabs.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=C6MoMT2dLqQXMqLwT4441iPNup/hM5zoFvZLNOrgIWY=; b=UbPIE6ea9+dUYsXfwd8hLgSZsO0QbhhupM4MlN1JLozIursCWPm8npBMvPAVW41swuIFOxXfxoWXnQdWGVKuxJMiTd7z01c1euf3LL2DA3sVOwbnzxUV+eoDoo0z05EPdsva5OWXw0v7OQtOKYhOmEYmxsG9Aa57Y8+/UXRSpFY=
Received: from DM6PR06MB3802.namprd06.prod.outlook.com (20.176.66.139) by DM6PR06MB4251.namprd06.prod.outlook.com (20.176.106.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1750.15; Tue, 26 Mar 2019 23:04:41 +0000
Received: from DM6PR06MB3802.namprd06.prod.outlook.com ([fe80::9db1:59a8:80b9:74c4]) by DM6PR06MB3802.namprd06.prod.outlook.com ([fe80::9db1:59a8:80b9:74c4%3]) with mapi id 15.20.1730.019; Tue, 26 Mar 2019 23:04:41 +0000
From: Darshak Thakore <d.thakore@cablelabs.com>
To: Kyle Larose <kyle@agilicus.com>, Tommy Pauly <tpauly@apple.com>, "captive-portals@ietf.org" <captive-portals@ietf.org>
Thread-Topic: Review of draft-ietf-capport-api-02
Thread-Index: AQHU4kike7VIlurzQEm3YMmC4hBOA6YeJ24A
Date: Tue, 26 Mar 2019 23:04:41 +0000
Message-ID: <4A53A02F-3925-4306-BB80-B4776E0C261A@cablelabs.com>
References: <CACuvLgzBHC5eKsNTGyvo_SiTra0F6Be1U6s__-zLH+Zt6_98EA@mail.gmail.com>
In-Reply-To: <CACuvLgzBHC5eKsNTGyvo_SiTra0F6Be1U6s__-zLH+Zt6_98EA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.17.0.190309
authentication-results: spf=none (sender IP is ) smtp.mailfrom=d.thakore@cablelabs.com;
x-originating-ip: [2620:0:2b10:10:7506:1b87:3cb8:a2da]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 1ffb9123-6e0b-4759-a15b-08d6b23f6da2
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600127)(711020)(4605104)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7153060)(7193020); SRVR:DM6PR06MB4251;
x-ms-traffictypediagnostic: DM6PR06MB4251:
x-microsoft-antispam-prvs: <DM6PR06MB4251ED16B453B818EFF840F6E45F0@DM6PR06MB4251.namprd06.prod.outlook.com>
x-forefront-prvs: 09888BC01D
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(366004)(396003)(136003)(346002)(376002)(39850400004)(189003)(199004)(51914003)(99286004)(76176011)(14444005)(256004)(36756003)(305945005)(7736002)(8936002)(106356001)(6116002)(105586002)(81156014)(6512007)(8676002)(53936002)(229853002)(82746002)(6486002)(33656002)(6436002)(81166006)(316002)(102836004)(186003)(2906002)(58126008)(110136005)(25786009)(478600001)(6506007)(6246003)(14454004)(2501003)(71200400001)(46003)(486006)(97736004)(5660300002)(71190400001)(2616005)(476003)(11346002)(83716004)(446003)(68736007)(86362001); DIR:OUT; SFP:1102; SCL:1; SRVR:DM6PR06MB4251; H:DM6PR06MB3802.namprd06.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cablelabs.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: Hj/9/wQAc8L7m1UJGL3kiK4qGVgJE2NDSt4xKwC54b/1iRD0kJ6KY5Yath59oSjNkLnJVBlyAv/PRrzqADnVYtAvKghL9QiYEKPDN0dirra2hZ7ab6KtpsQhSzQVHvIUGdDVwLPYLOlogtjjtZmwoP6TbnD4gzsvQnOBZLpqA4XVkbAV5Jp4kF9j6FF4p+vx77tq6OFBI2fZse4m2VeAHSuq/LWyWkeLwd7tVu7Jn8NDhW8orxIt3Nl4VvOk90f6b3/nsOZVUJKnI0T8Z596AmbDnJFb3QjeucFG3W/JQYS39YliaSDv3SI6NgM3/yQ72LlPs22sbheyHEKlRwm74u1eykA0UBxYxDkGXeWACwk/l186KIWPNO6BcKrs6qQJwJ3Uwr3aGC2Xy+THXZZ3zYaggBmfP1+kAB0FBpv/9kI=
Content-Type: text/plain; charset="utf-8"
Content-ID: <0BE43D0831C03B408C89C310F74661D9@namprd06.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: cablelabs.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 1ffb9123-6e0b-4759-a15b-08d6b23f6da2
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Mar 2019 23:04:41.0501 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: ce4fbcd1-1d81-4af0-ad0b-2998c441e160
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR06MB4251
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/5uavJn85H9QYOHd5QF8RgU-xgjI>
Subject: Re: [Captive-portals] Review of draft-ietf-capport-api-02
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2019 23:04:59 -0000
Hi Kyle, Thanks for the review and the comments. Responses inline.. On 3/24/19, 7:51 AM, "Kyle Larose" <kyle@agilicus.com> wrote: Tommy and Darshak, Thanks for the update. Changing host to client makes sense. I hadn't considered the NTP case either; it's pretty important! I've done a re-read of the document. It is still nice and simple. Good job! I have some comments. In section 3, the document outlines the steps of interaction between a client and the captive portal service. It says: > 3. Enforcement, in which the enforcement device in the network > blocks disallowed traffic, and sends ICMP messages to let clients > know they are blocked by the captive portal The architecture now refers to the ICMP message as a the "Captive Portal Signal" (since we haven't decided on a concrete implementation). We should be consistent here. It may also be worth noting that the signal is optional, though it may be easier to read if we don't bring that up in the API document. DT>>> Agreed and good catch, will update that to refer to it as a generic "signals the clients to know they are blocked.." In Section 4.2, the data structure defines the following json field: > o "vendor-info-url" (optional, string): provides the URL of a > webpage or site on which the operator of the network has > information that it wishes to share with the user (e.g. store > info, maps, flight status, or entertainment). We don't provide any concrete examples or guidance on how to use this. Is it something to user-portal-url would refer to? Should it be shown alongside the user-portal-url? Would some text along the lines of: "The client MAY notify the user of this url/provide a link/etc..." work? Or is that getting too into the UX details? DT>>> This would be a good thing to discuss during the session. In general the idea was to not be prescriptive about what to do with the url but given that the main purpose of this optional url is to allow the user to navigate/see something maybe even before they got thru any kind of authentication, we may want to put some "recommendation" text. It also defines: > o "bytes-remaining" (optional, integer): indicates the number of > bytes remaining, after which the client will be in placed into a > captive state. Should we be clear about whether this applies to bytes sent by the client, bytes received by the client, or both (i.e. the sum). We could also get into the details of at which layer the enforcement device is doing the counting, but that may be too much detail. DT>>> That question has been asked multiple times now so we certainly need some clarity. A general note regard the data structure: I'm not sure if we've brought this up in the past. Do we want to version the data structure? Or would future extensions simply add keys whose presence implies the new version? DT>>> I guess future-proofing API best practices mandate a version to be there __ In section 4.3, the example HTTP request starts with: > GET /captive-portal/api/X54PD Nit: don't we need an HTTP version at the end there? That's all for now. Have fun in Prague, Kyle
- [Captive-portals] Review of draft-ietf-capport-ap… Kyle Larose
- Re: [Captive-portals] Review of draft-ietf-cappor… Darshak Thakore