Re: [Captive-portals] Arguments against (any) Capport "API"
David Bird <dbird@google.com> Wed, 05 April 2017 17:45 UTC
Return-Path: <dbird@google.com>
X-Original-To: captive-portals@ietfa.amsl.com
Delivered-To: captive-portals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F459126C26 for <captive-portals@ietfa.amsl.com>; Wed, 5 Apr 2017 10:45:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.991
X-Spam-Level:
X-Spam-Status: No, score=-1.991 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u1JItsHspXOA for <captive-portals@ietfa.amsl.com>; Wed, 5 Apr 2017 10:45:35 -0700 (PDT)
Received: from mail-qt0-x230.google.com (mail-qt0-x230.google.com [IPv6:2607:f8b0:400d:c0d::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E59BD127871 for <captive-portals@ietf.org>; Wed, 5 Apr 2017 10:45:34 -0700 (PDT)
Received: by mail-qt0-x230.google.com with SMTP id r45so17083304qte.3 for <captive-portals@ietf.org>; Wed, 05 Apr 2017 10:45:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=90xtrJVBIlfeIGFdAQoYtPMqa2H0nGs+JJzNtBRddl8=; b=QYUq5qCArvDf46hWWsTD3eXtonKlguZCdo6QnMARYPZB9tJrrcUG1RmVUyjCG2RpVk 08alI6GcwNcaGpmUt6hBVO5MVKya8Vy+y4hrh5tcwE822ObaKoXVMihQG6q+7t+Gsg68 VtaLat1Cq7PEJ0OnCW+Ky0P5cWVBMrPQNJK3WQgiQcSaK5lDfoS9C8jDNiwpQosTapeZ uiFz2NExAEy8dtXXUCFw4GPlxD5PZQ8JjqlSL0ikRGOcAlU92P5HBqhNF8AswmN5OooE GGjj1TMFmoVbTL+wQKeyJJURqjz2LY+4EjqNztDr9pkb8pxGTIrvMie1k0/8or9uqIh4 cxbA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=90xtrJVBIlfeIGFdAQoYtPMqa2H0nGs+JJzNtBRddl8=; b=iY4aj+fudGkX5aIp6yHHfGngqRUuUAQsGRsQ6J8Fn8c4McnwG5W+ShZeVW41C8knCv VkzKypopIp760Fj+sE/0OWO9VRTjMDW+3uKBd6gj3zjbs2gcbYrbMyQI6l+U+MLngMMW owxGZqarmboZ70JgXTmOhUuSch6u9/yKL/634JX9fn0E23ZhmM8ba3S5oJpzjotoGeMZ /xO8JxbQakv0mnb89z33bSAxcR/PbwlkyfcMYwN8htPQDJRXKrEwdDT+lSniGYMUOk5b qefP0rpkI1xStZNjmtoIl4YrSPvHxc950OujqVldGDByJEqZWF6WE8zgNGose6AOMsN4 2bGw==
X-Gm-Message-State: AFeK/H3Ru23+VgiwWnChAIuxXVwBqsPR59UJm1oxkGZnipzivf8PZRYRzk3w0ni9Lw+HcwJ2dTGtXgQmDO2DAF4b
X-Received: by 10.200.47.129 with SMTP id l1mr30391066qta.112.1491414333823; Wed, 05 Apr 2017 10:45:33 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.12.128.233 with HTTP; Wed, 5 Apr 2017 10:45:32 -0700 (PDT)
In-Reply-To: <c7ace5a6-8b0d-40d8-066c-dea49a9dd4e0@sjrb.ca>
References: <CADo9JyU2wiEBB4L7ADSybt9se7jCN764JSEoHuGTcuiU_jDscQ@mail.gmail.com> <alpine.DEB.2.02.1704042139110.27978@uplift.swm.pp.se> <CADo9JyVr07w5GRpF+UzSBHRuo=V=3p9MeyhFdzB+5pZk7_amNw@mail.gmail.com> <alpine.DEB.2.02.1704050613130.27978@uplift.swm.pp.se> <CADo9JyXMkqomOpvUWhzZs77eOPvx-g0L-tR5oSz6D4mfjaaUWQ@mail.gmail.com> <c878b23d-c078-987f-84e0-2a99f2e08dbd@sjrb.ca> <CADo9JyUyQo++b=_oLHd33vjsA_KxLcwwTFjb3T4PDeWmyBfPwQ@mail.gmail.com> <CADo9JyUwVp+xkO444NRH=oMW++MJeCpPHo+j6vg8hfA6wBYGKw@mail.gmail.com> <c57d722e-6d1e-7023-dcf2-a589a8d3d5cc@sjrb.ca> <E8355113905631478EFF04F5AA706E9870579542@wtl-exchp-1.sandvine.com> <CADo9JyWPQeDO1iDDi_ywQie21UgcaBuOArZ+wBBxkRV1E6YA_Q@mail.gmail.com> <c7ace5a6-8b0d-40d8-066c-dea49a9dd4e0@sjrb.ca>
From: David Bird <dbird@google.com>
Date: Wed, 05 Apr 2017 10:45:32 -0700
Message-ID: <CADo9JyX+iUFYae_fYqWVi7AwQCnLQYP0dHgwM+fxf_5OTVwuqA@mail.gmail.com>
To: Christian Saunders <Christian.Saunders@sjrb.ca>
Cc: "captive-portals@ietf.org" <captive-portals@ietf.org>
Content-Type: multipart/alternative; boundary="001a113776f2952946054c6ef5ba"
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/BXt6NEa8x5YD0mF5wD-_wQ7C2nY>
Subject: Re: [Captive-portals] Arguments against (any) Capport "API"
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Apr 2017 17:45:38 -0000
There are problems with WISPr, one being that it has somewhat ambiguous copyrights, which is why you will not find it easily on-line. It was proposed by WFA, but never ratified. With that said, there are some lessons to be learned from it: - It probably would be good to have something with cleaner specifications, but adoption by the long-tail hotspot operators could be slow (even slower thank upgrading NAS capabilities). Critical to vendor/venue adaption will be roaming aggregator adoption, and you have the chick and egg problem. - WISPr XML wasn't overly complicated, but it being implemented by all sorts of portals, in all sorts of ways, gave it a very bad reputation as being broken. (A fear I have for our API as well.) - WISPr only defined, basically, a Username / Password login method, which fits AAA/RADIUS models, and the industry has largely adapted to (for instance, it is common to do 'Mac Auth' using a shared 'Password' field or to fit voucher codes into a username/password combinations). On Wed, Apr 5, 2017 at 10:30 AM, Christian Saunders < Christian.Saunders@sjrb.ca> wrote: > Does WISPr support all of the use cases? Is there a publicly available > source for the WISPr XML spec? > > Cheers! > > Christian > > > On 17-04-05 11:15 AM, David Bird wrote: > > I agree with that... but, to be clear, it really is just an improvement on > WISPr XML, and with WISPr XML already, not only used, but used to make > money, the reasons for supporting this API MUST be inline with the > venue/Operator needs. 'Automating login' (as a focus for the API) quickly > becomes venue / regional / legal / vertical / application / access policy > dependent.. Not to mention, I question the value for the user in making it > super simple for their devices to auto-login into public access networks > (without clear user intent). This seems irresponsible, on our part, when > there are solutions out there already that do automate this login, but only > after taking extra security measures (presumably, hotspot aggregators > conceal your identity when roaming, and their Apps can do more things). > > On Wed, Apr 5, 2017 at 9:51 AM, Dave Dolson <ddolson@sandvine.com> wrote: > >> This is OK if you only need to serve devices with browsers and attentive >> humans. >> >> The API offers possibilities for automation in the device by making a >> formal data model (vs. HTML). >> >> >> >> >> >> *From:* Captive-portals [mailto:captive-portals-bounces@ietf.org] *On >> Behalf Of *Christian Saunders >> *Sent:* Wednesday, April 5, 2017 12:38 PM >> *To:* David Bird >> *Cc:* captive-portals@ietf.org >> *Subject:* Re: [Captive-portals] Arguments against (any) Capport "API" >> >> >> >> The currently proposed solution has 3 components: >> >> >> 1. The ICMP component is used to detect a captive network. >> >> 2. The DHCP component is used to discover the address of the Captive >> Portal. >> >> 3. The API is an information service with a standardized interface that >> allows discovery and potentially remediation of the requirements for >> network access. >> >> The ICMP and DHCP components are sufficient to resolve the redirection >> and HTTPS issue. >> >> I would consider the API as an optional component - it might create some >> user experience benefits if the device developers and network operators >> choose to use it. >> >> The difficulty with the API is having a way of codifying all of the >> possible network access requirements. I'm not sure this is reasonably >> possible. >> >> Assuming that such a definition is possible, then there is some benefit >> to the common definition. >> >> (It also strikes me that this definition would make a nice back end >> design for the Captive Portal itself.) >> >> Cheers! >> >> Christian >> >> >> >> On 17-04-05 10:25 AM, David Bird wrote: >> >> Edits in-line :) >> >> >> >> On Wed, Apr 5, 2017 at 9:06 AM, David Bird <dbird@google.com> wrote: >> >> A few more key benefits of the ICMP approach : >> >> >> >> - Capport detection is made easier for the client, even when RFC 7710 (or >> any API) is *NOT* implemented (as long as the NAS is Capport compliant). >> >> >> >> - "Signaling" can be done by different components (NAS, iptables, >> rate-limiter, PCEF, etc), without (necessarily) needing to coordinate with >> a central service. >> >> >> >> - In defining the RFC in how a NAS should handle blocking traffic for >> Capport compliant devices, we are also defining how the NAS should handle >> Legacy devices - which is, there is no difference - they both get ICMP Dest >> Unreach w/Capport extension) - which is helpful. >> >> >> >> >> >> >> > > > > _______________________________________________ > Captive-portals mailing listCaptive-portals@ietf.orghttps://www.ietf.org/mailman/listinfo/captive-portals > > >
- Re: [Captive-portals] Arguments against (any) Cap… Michael Richardson
- Re: [Captive-portals] Arguments against (any) Cap… David Bird
- Re: [Captive-portals] Arguments against (any) Cap… David Bird
- Re: [Captive-portals] Arguments against (any) Cap… Erik Kline
- Re: [Captive-portals] Arguments against (any) Cap… Erik Kline
- Re: [Captive-portals] Arguments against (any) Cap… Mark Nottingham
- [Captive-portals] time-based walled gardens Michael Richardson
- Re: [Captive-portals] time-based walled gardens David Bird
- Re: [Captive-portals] time-based walled gardens Michael Richardson
- Re: [Captive-portals] Arguments against (any) Cap… David Bird
- Re: [Captive-portals] time-based walled gardens David Bird
- Re: [Captive-portals] time-based walled gardens Mikael Abrahamsson
- Re: [Captive-portals] time-based walled gardens David Bird
- Re: [Captive-portals] time-based walled gardens Mikael Abrahamsson
- Re: [Captive-portals] time-based walled gardens David Bird
- Re: [Captive-portals] time-based walled gardens Mikael Abrahamsson
- Re: [Captive-portals] Arguments against (any) Cap… Lorenzo Colitti
- Re: [Captive-portals] time-based walled gardens David Bird
- Re: [Captive-portals] time-based walled gardens Dave Dolson
- Re: [Captive-portals] time-based walled gardens Erik Kline
- Re: [Captive-portals] time-based walled gardens David Bird
- Re: [Captive-portals] time-based walled gardens Mark Nottingham
- Re: [Captive-portals] time-based walled gardens Mark Nottingham
- Re: [Captive-portals] time-based walled gardens David Bird
- Re: [Captive-portals] time-based walled gardens David Bird
- Re: [Captive-portals] time-based walled gardens Mikael Abrahamsson
- Re: [Captive-portals] time-based walled gardens Niall Hogg
- Re: [Captive-portals] time-based walled gardens Mikael Abrahamsson
- Re: [Captive-portals] time-based walled gardens David Bird
- Re: [Captive-portals] time-based walled gardens Mikael Abrahamsson
- Re: [Captive-portals] time-based walled gardens David Bird
- Re: [Captive-portals] time-based walled gardens Christian Saunders
- Re: [Captive-portals] Arguments against (any) Cap… Dave Dolson
- Re: [Captive-portals] Arguments against (any) Cap… Martin Thomson
- Re: [Captive-portals] time-based walled gardens Erik Kline
- [Captive-portals] Arguments against (any) Capport… David Bird
- Re: [Captive-portals] Arguments against (any) Cap… Mikael Abrahamsson
- Re: [Captive-portals] Arguments against (any) Cap… David Bird
- Re: [Captive-portals] Arguments against (any) Cap… Kyle Larose
- Re: [Captive-portals] Arguments against (any) Cap… David Bird
- Re: [Captive-portals] Arguments against (any) Cap… Christian Saunders
- Re: [Captive-portals] Arguments against (any) Cap… David Bird
- Re: [Captive-portals] Arguments against (any) Cap… Mikael Abrahamsson
- Re: [Captive-portals] Arguments against (any) Cap… Tim Chown
- Re: [Captive-portals] Arguments against (any) Cap… David Bird
- Re: [Captive-portals] Arguments against (any) Cap… David Bird
- Re: [Captive-portals] Arguments against (any) Cap… Michael Richardson
- Re: [Captive-portals] Arguments against (any) Cap… Erik Kline
- Re: [Captive-portals] Arguments against (any) Cap… Erik Kline
- Re: [Captive-portals] Arguments against (any) Cap… David Bird
- Re: [Captive-portals] Arguments against (any) Cap… Christian Saunders
- Re: [Captive-portals] Arguments against (any) Cap… David Bird
- Re: [Captive-portals] Arguments against (any) Cap… David Bird
- Re: [Captive-portals] Arguments against (any) Cap… Dave Dolson
- Re: [Captive-portals] Arguments against (any) Cap… Christian Saunders
- Re: [Captive-portals] Arguments against (any) Cap… Dave Dolson
- Re: [Captive-portals] Arguments against (any) Cap… Dave Dolson
- Re: [Captive-portals] Arguments against (any) Cap… David Bird
- Re: [Captive-portals] Arguments against (any) Cap… Christian Saunders
- Re: [Captive-portals] Arguments against (any) Cap… Christian Saunders
- Re: [Captive-portals] Arguments against (any) Cap… David Bird
- Re: [Captive-portals] Arguments against (any) Cap… Christian Saunders
- Re: [Captive-portals] Arguments against (any) Cap… Sascha.Dech
- Re: [Captive-portals] Arguments against (any) Cap… David Bird
- Re: [Captive-portals] Arguments against (any) Cap… Vincent van Dam
- Re: [Captive-portals] Arguments against (any) Cap… David Bird
- Re: [Captive-portals] Arguments against (any) Cap… David Bird
- Re: [Captive-portals] Arguments against (any) Cap… Michael Richardson
- Re: [Captive-portals] Arguments against (any) Cap… Michael Richardson
- Re: [Captive-portals] Arguments against (any) Cap… Michael Richardson
- Re: [Captive-portals] Arguments against (any) Cap… David Bird
- Re: [Captive-portals] Arguments against (any) Cap… David Bird
- Re: [Captive-portals] Arguments against (any) Cap… David Bird
- Re: [Captive-portals] Arguments against (any) Cap… Martin Thomson
- Re: [Captive-portals] Arguments against (any) Cap… David Bird
- Re: [Captive-portals] Arguments against (any) Cap… Vincent van Dam
- Re: [Captive-portals] Arguments against (any) Cap… Martin J. Dürst
- Re: [Captive-portals] Arguments against (any) Cap… David Bird
- Re: [Captive-portals] Arguments against (any) Cap… Erik Kline
- Re: [Captive-portals] Arguments against (any) Cap… David Bird
- Re: [Captive-portals] Arguments against (any) Cap… David Bird
- Re: [Captive-portals] Arguments against (any) Cap… Erik Kline
- Re: [Captive-portals] Arguments against (any) Cap… David Bird
- Re: [Captive-portals] time-based walled gardens David Bird
- Re: [Captive-portals] time-based walled gardens Mark Nottingham
- Re: [Captive-portals] time-based walled gardens Mikael Abrahamsson
- Re: [Captive-portals] time-based walled gardens David Bird
- Re: [Captive-portals] time-based walled gardens Kyle Larose
- Re: [Captive-portals] time-based walled gardens David Bird
- Re: [Captive-portals] time-based walled gardens Erik Kline