IETF Logo Mail Archive

Re: [Captive-portals] Fwd: I-D Action: draft-ietf-capport-architecture-03.txt

Kyle Larose <kyle@agilicus.com> Wed, 02 January 2019 18:48 UTC

Return-Path: <kyle@agilicus.com>
X-Original-To: captive-portals@ietfa.amsl.com
Delivered-To: captive-portals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41882130EF5 for <captive-portals@ietfa.amsl.com>; Wed, 2 Jan 2019 10:48:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=agilicus.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fBh4qHlRBXuI for <captive-portals@ietfa.amsl.com>; Wed, 2 Jan 2019 10:48:09 -0800 (PST)
Received: from mail-qk1-x72e.google.com (mail-qk1-x72e.google.com [IPv6:2607:f8b0:4864:20::72e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 62CD4130F00 for <captive-portals@ietf.org>; Wed, 2 Jan 2019 10:48:09 -0800 (PST)
Received: by mail-qk1-x72e.google.com with SMTP id o125so18396108qkf.3 for <captive-portals@ietf.org>; Wed, 02 Jan 2019 10:48:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=agilicus.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=gzsh74+lnhqmvtX5iTJWQakol3RYV7q/mUxoMCm3O3w=; b=sfTSYdg8rfA7EfiELRoFVOmPtl5bqYoYWjh3e5YXC7yEST8SiUkJQl3W+QGS6KcOTt s3Qzczh0rgJioQ6vA++ewCbtz0QlFY7kI4u4+Bj94XTYrAHgrGo8d2VlnBQRqW6Km6Dt qohfYL+SECBOYss6TK3lDkXtlRRmFTPMIudWBKoRnj6ny5TAN5jWh6GHGySccThG+rmn tjBcMpxZBlKY4kcx0woYRYVVOwa8kaiNpo9g7LRbKnD2oJYWWTMrTg8nBB9osrcQKXU6 EpmnmI3k2ce2tL8U/0Bsn4+ohYdCa19OoZqw4bDl9bPjd8yJ9vDD1k4zXM8BclGZI/sT 2rlw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=gzsh74+lnhqmvtX5iTJWQakol3RYV7q/mUxoMCm3O3w=; b=VAq/FehpYxgAHqtvxf709KY3mGXF3B5fJ0uSIXBCBIpnjSV2j6xfGVKrz2f6QcWltX b0xHz4sKwGfShoWNAwUJzDQWqmA7W5R6TcZ/HseATYiRyc6ak+uxw1G99BaM/qwWOyDE /698zuQzl6p6eKDcf//bHGurnicseb/RTrG5wvfMS+4xsD8aQdCcP6MGoj0D3s0HTJkl c4NzXLKMBZIzj0ViEQxpYc4cZLydGaHlBh7y3cAcsG0Ycy+A96mKzyL8+Ur+moQ8n8GV rmLTsptsHo7DDLbXmjd5aAEhV23A84Z8rNHZwsj3OWKmXuRw3vF84ycvbwBQZV+5cVaE l8kw==
X-Gm-Message-State: AJcUukfATgwVEzgpQEYJvLau398+dB8GRl2XvVMKm9PhUsvYMW0bLjpa ozc3CeUUwbeRJPFVj7+w4TbuNUt0uqXxsD0Ybe0c
X-Google-Smtp-Source: ALg8bN7gKzGtH6wTv1PUyTTjtzFDsxeWkUfogfaxhJWI2gBEZ4LcocnT6fdxPUWPtesBrbQ3O4D3/zcignsy2iAcmS8=
X-Received: by 2002:a37:498a:: with SMTP id w132mr42405643qka.92.1546454888293; Wed, 02 Jan 2019 10:48:08 -0800 (PST)
MIME-Version: 1.0
References: <154593193395.11930.16738431366515870255@ietfa.amsl.com> <CACuvLgwCSB13U6rXGLTwpQ-riT+7fi_HyKLD2FjzDexA4u0Rkg@mail.gmail.com> <CADo9JyWAFvBiBqb5oA-vGED1Cpo8F37GzAQhke_=E1ZpJrWdSQ@mail.gmail.com>
In-Reply-To: <CADo9JyWAFvBiBqb5oA-vGED1Cpo8F37GzAQhke_=E1ZpJrWdSQ@mail.gmail.com>
From: Kyle Larose <kyle@agilicus.com>
Date: Wed, 02 Jan 2019 13:47:57 -0500
Message-ID: <CACuvLgyDcZ4oMws5YNtPtu1BiLPdbB0B7=JY5mof=N3wuYXJLg@mail.gmail.com>
To: David Bird <dbird@google.com>
Cc: captive-portals@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/7p8ft0fQWGOUEcH0IOwIX3GoaW0>
Subject: Re: [Captive-portals] Fwd: I-D Action: draft-ietf-capport-architecture-03.txt
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Jan 2019 18:48:11 -0000

On Thu, 27 Dec 2018 at 14:14, David Bird <dbird@google.com> wrote:
>
> The section titled  "Risk of Nuisance Captive Portal" should really be talking about networks that USE the API and have NO network integration (e.g. Captive by API only, not by any network enforcement function).
>

I think the nuisance captive portal SIGNALS are a legitimate concern.
However, you raise a good point: we can't entirely trust the API -- it
may become decoupled from the network for many reasons: an attack, a
bug, misconfiguration, etc.

So, now we're talking about the risk of a nuisance API as well as
nuisance signals. I think we had been calling this a non-issue because
UE discovers the API from somewhat trusted sources -- DHCP/RA,PvD.
But, let's assume that the API is a bad actor for some reason --
discovery was compromised, the API itself was compromised, or it's
just plain broken.

Thinking about that case, you could have:

1. The API says that you have access when you don't.
2. The API says that you have access when you do.
3. The API says that you don't have access when you do.
4. The API says that you don't have access when you don't.

We don't need to worry about 2, since things should just work. For 4,
it could be a problem in that the portal will never really grant
access... I discuss that a bit further down.

In case 1. the system will try to access the network and fail. Barring
probe functionality, this means that the system will simply fail to
attach to the network properly. There's no good solution without user
intervention. With probes, I think it works out naturally -- the
system will work as it does today. But, without probes, I can't think
of a nice solution.This is a concern that has been raised in the past
(I think by you, David), since it means that we will still need probes
for a "nice experience".

In case 3. the UE will attempt to visit the portal. I can think of a
few sub-cases here:
a) The URI of the portal is bad/non-existent
b) The URI is present, works and the portal says you have access
c) The URI is present, works and the portal refuses to grant access.

b) is easy: the UE proceeds with its connection and everything works.

We need to consider a) a bit, since it's a fairly likely failure mode.
I think it's probably safe to assume that, barring probes, network
access is unavailable on this network, and the system should treat it
as such.
c) I think this should probably behave the same as a), though it's a
bit nicer in that the user has actual feedback.

It's a little unfortunate that with a) and c), the UE should have
network access, but the user thinks they do not. What if they know
that they should for some reason? Perhaps the recommendation should be
to treat it as though network access is unavailable, barring explicit
direction from the user to use the network, or confirmation that
network access is available through probes.

Case 4 can likely be handled in a similar way to case 3 -- you never
get access, so the user either chooses a different network, or
overrides the system's default, which then proves to them that the
network does not provide access.


> Happy Holidays!
>
> Cheers,
> David
>
>

v2.23.0 | Report a Bug | By Email