IETF Logo Mail Archive

Re: [Captive-portals] thoughts on two documents

Michael Richardson <mcr+ietf@sandelman.ca> Wed, 26 April 2017 16:34 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: captive-portals@ietfa.amsl.com
Delivered-To: captive-portals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA9A61314EE for <captive-portals@ietfa.amsl.com>; Wed, 26 Apr 2017 09:34:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K_NIp1XclgG0 for <captive-portals@ietfa.amsl.com>; Wed, 26 Apr 2017 09:34:40 -0700 (PDT)
Received: from relay.sandelman.ca (relay.cooperix.net [IPv6:2a01:7e00::f03c:91ff:feae:de77]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B74A61294D2 for <captive-portals@ietf.org>; Wed, 26 Apr 2017 09:34:39 -0700 (PDT)
Received: from dooku.sandelman.ca (CPE84948c92cd71-CM84948c92cd70.cpe.net.cable.rogers.com [173.35.93.96]) by relay.sandelman.ca (Postfix) with ESMTPS id 81EF71F8EE for <captive-portals@ietf.org>; Wed, 26 Apr 2017 16:34:38 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id 741C458D; Wed, 26 Apr 2017 12:34:37 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: captive-portals@ietf.org
In-reply-to: <CAAedzxqP4-JeBL5W-2zG7p1fxwT6oHj29WAPVyQWK-hz20rX3A@mail.gmail.com>
References: <CAAedzxqP4-JeBL5W-2zG7p1fxwT6oHj29WAPVyQWK-hz20rX3A@mail.gmail.com>
Comments: In-reply-to Erik Kline <ek@google.com> message dated "Sun, 23 Apr 2017 23:41:10 +0900."
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha1"; protocol="application/pgp-signature"
Date: Wed, 26 Apr 2017 12:34:37 -0400
Message-ID: <9208.1493224477@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/7eTC3zbDdLrxtwpkAucm8LbnqRg>
Subject: Re: [Captive-portals] thoughts on two documents
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Apr 2017 16:34:50 -0000

Erik Kline <ek@google.com> wrote:
    > If the document simply said that receiving and authenticating an ICMP
    > message with the capport code generically "MAY/SHOULD trigger the
    > receiving node's captive portal handling subsystem", would that be
    > something that folks might agree on?

I think we can agree on it.

    > We'll need to run this whole thing by intarea and 6man as well, of
    > course.

    > And nothing stops us from proposing a mulit-part extension to be
    > optionally included in a future document, once the captive portal
    > interaction recommendations are more fully understood.

True. We just can't make any of the extensions critical.
I think that's okay, since ignoring the ICMP is also acceptable.

    > [ draft-larose-capport-architecture ]

    > I felt it was promising to hear some agreement about the functional
    > elements of a captive portal system as documented.

Please adopt it :-)

    > Given that the captive portal interaction process is still on-going
    > work, would the document authors think it worth trying to advance the
    > document with either (a) section 3 removed or (b) section 3 rewritten
    > to describe broadly how most clients behave today?

As a roadmap document, I have no problem with section 3 as is.

    > Even given the
    > variety of clients I think it could be roughly captured (e.g. make a
    > few sacrificial queries to trigger DNS/HTTP rewrites, keep trying until
    > a sacrificial query produces an expected result while launching an
    > HTTP-capable application, and so on).

I think that this is something the WG should do after adoption.
I think that there is some IPv6 flow missing, specifically for the case where
no DHCPv6 occured (SLAAC-only).  It could be that M=1 is mandatory for
captive portals.

Is there some reason we haven't adopted draft-nottingham-capport-problem-01 yet?
I would like the problem statement to outline the mechanisms used by current
captive portals and to give the mechanism names. e.g: DNS spoofing portal,
TCP-forced-proxy portal, etc.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [





--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email