Re: [Captive-portals] Review of draft-ietf-capport-rfc7710bis
"Martin Thomson" <mt@lowentropy.net> Mon, 22 July 2019 20:49 UTC
Return-Path: <mt@lowentropy.net>
X-Original-To: captive-portals@ietfa.amsl.com
Delivered-To: captive-portals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8FA4212008C for <captive-portals@ietfa.amsl.com>; Mon, 22 Jul 2019 13:49:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=gEbSr+kb; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=uTheaw68
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bv49pfpTwQNs for <captive-portals@ietfa.amsl.com>; Mon, 22 Jul 2019 13:49:01 -0700 (PDT)
Received: from wnew1-smtp.messagingengine.com (wnew1-smtp.messagingengine.com [64.147.123.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 10E1D120127 for <captive-portals@ietf.org>; Mon, 22 Jul 2019 13:49:01 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailnew.west.internal (Postfix) with ESMTP id 6DF09506 for <captive-portals@ietf.org>; Mon, 22 Jul 2019 16:49:00 -0400 (EDT)
Received: from imap2 ([10.202.2.52]) by compute1.internal (MEProxy); Mon, 22 Jul 2019 16:49:00 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm2; bh=HJ26mVcfN9T3gmLT9jNbXgmLRqrERPM BUcLxja5GhXs=; b=gEbSr+kbqaMbwWSu3pNc+iksAX8axM964/lKLMviFK0Y8h0 nrhsFrsKWRU4VlTnMAXQr2qw0KeieWVNgEyU1/mpnx2099EBc3HbnhhBioznJxwZ n81rf9sAYk0mm2vCkFjrXK13G9uQ9wHnncGpj3zh6qh3B4Sd1SW+4qQJeFdgUNqk EgZgJYWOl09IKh6UY47fOZQQ92Pv5qzSHnZKYiEGd5YLpow9tsr+Jy25I/IWYRYZ 46/I76BiLQThh0yiL6B7RwFWmM24JYRil4QlzfLXXLV8XKGltXPh/fgaUwSVbNv2 0AZvpepawo9pxzZXOuuP5QtAwXqVVo6CdqhOtjQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=HJ26mV cfN9T3gmLT9jNbXgmLRqrERPMBUcLxja5GhXs=; b=uTheaw68ilgQKukRvGhI3A ntshNWIMc6h4h+KKucuROqi/73pK6rJWGF8PqXRW0eIUnJd7t2OtSY8fGcG2b7xO OiSQIgCmmxJLw3VmfhaJq1bMCaI9xvv4YZNEe0ugluGeWyUAqiMoOmvKUaQPFkuk yGh5XeYGJpKVeYqOcdSyCymylkJ9WeRCLiLFAAQ0HPsu9sz+rutZhJTNv24iSrEr XexkgxVUhqCmBz1XDMCMsEslWW79DcT72bnhOLKmEv8OE7JFuMbgWK3LjyEcCSyM usQrYaweQY75I83GvU9h5KF4jh+p+2LnWm5u3Xz/yDPGNMEAyKnGvF/hXQfseFNg ==
X-ME-Sender: <xms:OyE2Xc0P5mr0NC39Cpxg40xNtJ6D-YOSAq4CoyzjT_ECqC7dSat2ig>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduvddrjeeggdduheejucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtsehttd ertderredtnecuhfhrohhmpedfofgrrhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhho figvnhhtrhhophihrdhnvghtqeenucfrrghrrghmpehmrghilhhfrhhomhepmhhtsehloh ifvghnthhrohhphidrnhgvthenucevlhhushhtvghrufhiiigvpedt
X-ME-Proxy: <xmx:OyE2XRJbfYyAla_3gN8uBAWLork0mkYFTWKyUOIfOmlHe8doe5zmGg> <xmx:OyE2XT8OBmZkwjDa277djdCFV7fwXCPJIsv1vJV9gKUhok5pp1FU5g> <xmx:OyE2Xd8d4Fqt8Q_4YoO1azOKypB0QDZyYufIO3qfmwlOPkeSFTTB_g> <xmx:PCE2XZb-dQEbQDuxiJi4Q_D_NeYlsklMIv-8XfGXAIYMXlQ7gqeR0VLRe1Q>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id C1A53E00CC; Mon, 22 Jul 2019 16:48:58 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.6-736-gdfb8e44-fmstable-20190718v2
Mime-Version: 1.0
Message-Id: <01ad5bf0-1f60-4dbb-aa83-31d14fce6082@www.fastmail.com>
In-Reply-To: <CAKD1Yr32DXr8fYHP_x7z9pQWwSchey8zQW11vw02bW9ONEV8Kg@mail.gmail.com>
References: <CAKD1Yr32DXr8fYHP_x7z9pQWwSchey8zQW11vw02bW9ONEV8Kg@mail.gmail.com>
Date: Mon, 22 Jul 2019 16:48:57 -0400
From: Martin Thomson <mt@lowentropy.net>
To: captive-portals@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/BtgeJBHQIkiaa98aCk1V96LLQjQ>
Subject: Re: [Captive-portals] Review of draft-ietf-capport-rfc7710bis
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jul 2019 20:49:03 -0000
Thanks for the review Lorenzo. On Mon, Jul 22, 2019, at 11:17, Lorenzo Colitti wrote: > 2. I'm surprised that the following text is present. It seems like we > should disallow IP literals for compatibility with IPv6. But perhaps > SHOULD is enough here. > > The URI SHOULD NOT contain an IP address literal. I tend to think that the core goal is that the URI contain a target identity that can be authenticated when accessed over HTTPS. That generally means that IP literals aren't a good idea, but I wouldn't make this statement. I would instead emphasize that this is an HTTPS URI. Though I would not go into great detail on what that means, I would refer to RFC 7230. > 3. The section that documents the link relation type should mention > what should happen if the portal is already open. Should the captive > portal add this header to probe responses even if the portal is already > open? if it does not, there is no way for a device to learn the API URL > if it connects to a portal, logs in, disconnects, and then reconnects, > because when it reconnects the portal will be open. Good point. I would be interested in hearing what the working group thinks of this. To my understanding, this is a problem that exists today. So we may decide not to worry about this particular problem, but just document it. That would make this path less good than other options (like DHCP/RA), but I don't want to encourage networks to intercept EVERY request that passes.
- [Captive-portals] Review of draft-ietf-capport-rf… Lorenzo Colitti
- Re: [Captive-portals] Review of draft-ietf-cappor… Martin Thomson
- Re: [Captive-portals] Review of draft-ietf-cappor… Lorenzo Colitti
- Re: [Captive-portals] Review of draft-ietf-cappor… David Bird
- Re: [Captive-portals] Review of draft-ietf-cappor… Martin Thomson
- Re: [Captive-portals] Review of draft-ietf-cappor… Lorenzo Colitti
- Re: [Captive-portals] Review of draft-ietf-cappor… David Bird
- Re: [Captive-portals] Review of draft-ietf-cappor… Martin Thomson
- Re: [Captive-portals] Review of draft-ietf-cappor… David Bird
- Re: [Captive-portals] Review of draft-ietf-cappor… David Bird
- Re: [Captive-portals] Review of draft-ietf-cappor… Martin Thomson
- Re: [Captive-portals] Review of draft-ietf-cappor… Lorenzo Colitti
- Re: [Captive-portals] Review of draft-ietf-cappor… Tommy Pauly
- Re: [Captive-portals] Review of draft-ietf-cappor… Michael Richardson
- Re: [Captive-portals] Review of draft-ietf-cappor… Remi NGUYEN VAN
- Re: [Captive-portals] Review of draft-ietf-cappor… Martin Thomson
- Re: [Captive-portals] Review of draft-ietf-cappor… Chris Spencer
- Re: [Captive-portals] Review of draft-ietf-cappor… Martin Thomson
- Re: [Captive-portals] Review of draft-ietf-cappor… Remi NGUYEN VAN
- [Captive-portals] customizing API URLs vs ??? Michael Richardson
- Re: [Captive-portals] customizing API URLs vs ??? Nicolas Mailhot
- Re: [Captive-portals] customizing API URLs vs ??? Michael Richardson
- Re: [Captive-portals] customizing API URLs vs ??? Nicolas Mailhot