Re: [Captive-portals] Review of draft-ietf-capport-rfc7710bis

David Bird <dbird@google.com> Thu, 25 July 2019 12:56 UTC

From: David Bird <dbird@google.com>
Date: Thu, 25 Jul 2019 05:56:24 -0700
Message-ID: <CADo9JyWZ0YjXUky+m_PDWc8BrjFVzOvs6XmjqUcV18hbPE_BpA@mail.gmail.com>
To: Martin Thomson <mt@lowentropy.net>
Cc: captive-portals@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/6nLbZZtlu0bY3kmuc72GhJgJVaQ>
Subject: Re: [Captive-portals] Review of draft-ietf-capport-rfc7710bis

Hi Martin,

The "this" refers to uniquely identifying the UE/session. The API server
will need to "lookup" the UE/session in some way (like in a database shared
with AAA) to get its state (captive or not, how much time/data remaining,
etc). In this regard, the API and the Captive Portal itself *both* need
this ability to uniquely identify the UE/session.

Sure, one *could* design an API server, to reside on the same L2 segment as
the subscribers, so that it can determine the UE MAC address from looking
up the remote IP address in the local ARP table. But... in practice, I
think the tendency would be to host the API in the same centralized place
as the captive portal itself (and share the same database).

In terms of generating a "session-id" ... a lot of this is very
implementation dependent. For example, many hotspot systems are integrated
with DHCP/RA because the IP address of subscribers may come from AAA (or a
PGW in 3GPP). The redirection URL is often "minted" with the right
session_id for that session by the backend AAA/PCRF.

Here is one example:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-5/configuration-guide/b_cg75/b_cg75_chapter_01011101.pdf


On Thu, Jul 25, 2019 at 4:31 AM Martin Thomson <mt@lowentropy.net> wrote:

> Hi David,
>
> On Mon, Jul 22, 2019, at 19:40, David Bird wrote:
> > ultimately a "session-id" is
> > typically carried in the redirect URL on a per UE/session basis. If
> > everyone gets the exact same URL, this can only be done by IP address
> > at the portal... Is that the design networks are encouraged to take?
>
> I'm not following your "this" here.  Can you say more?
>
> I understand that a session ID is needed, but is this something that can
> be inserted on the transition from the API endpoint to the web page?
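The two lookup strategies discussed in this message, as an added sketch that is not part of the original email or of any capport implementation: a store shared by AAA, the portal and the API server, keyed either by a session_id minted into a per-UE URL or, when every UE gets the same URL, by source IP only. The endpoint URL, class, function and field names, the sample addresses, and the treat-unknown-as-captive default are all assumptions.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

API_BASE = "https://portal.example.net/capport/api"  # hypothetical API endpoint


class SessionStore:
    """Stand-in for the database shared by AAA, the captive portal and the API."""

    def __init__(self):
        self._sessions = {}  # session_id -> session record

    def mint_url(self, mac, ip, expires_at, bytes_left, captive=True):
        """Backend step at DHCP/RA time: create the session, return its own URL."""
        session_id = secrets.token_urlsafe(16)  # random, so it cannot be guessed
        self._sessions[session_id] = {
            "mac": mac, "ip": ip, "captive": captive,
            "expires_at": expires_at, "bytes_left": bytes_left,
        }
        return f"{API_BASE}?{urlencode({'session_id': session_id})}"

    def by_url(self, url):
        """Per-UE URL: the session_id in the query string is the lookup key."""
        values = parse_qs(urlparse(url).query).get("session_id", [])
        return self._sessions.get(values[0]) if len(values) == 1 else None

    def by_ip(self, remote_ip):
        """Same URL for everyone: the source IP is the only key available."""
        hits = [s for s in self._sessions.values() if s["ip"] == remote_ip]
        return hits[0] if len(hits) == 1 else None  # refuse ambiguous matches


def api_state(session, now):
    """State the API server reports for one UE/session (field names assumed)."""
    if session is None:
        return {"captive": True}  # assumption: an unknown session stays captive
    return {
        "captive": session["captive"],
        "seconds_remaining": max(0, int(session["expires_at"] - now)),
        "bytes_remaining": session["bytes_left"],
    }
```
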