[Captive-portals] thoughts on two documents
Erik Kline <ek@google.com> Sun, 23 April 2017 14:41 UTC
Return-Path: <ek@google.com>
X-Original-To: captive-portals@ietfa.amsl.com
Delivered-To: captive-portals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0FCEC12955B for <captive-portals@ietfa.amsl.com>; Sun, 23 Apr 2017 07:41:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Br3mcL9AEX-y for <captive-portals@ietfa.amsl.com>; Sun, 23 Apr 2017 07:41:33 -0700 (PDT)
Received: from mail-yw0-x22f.google.com (mail-yw0-x22f.google.com [IPv6:2607:f8b0:4002:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 12AD912955D for <captive-portals@ietf.org>; Sun, 23 Apr 2017 07:41:33 -0700 (PDT)
Received: by mail-yw0-x22f.google.com with SMTP id k11so21891075ywb.1 for <captive-portals@ietf.org>; Sun, 23 Apr 2017 07:41:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=rvKMW58I8OeKu0YQmNMVtjgOwW8PTXB8immXpnypmYc=; b=R1lhabaZ3MvSWRM0XVF77oeuRMaLsmm2NZdnywoDc78YpIUuFxjDx1LIKIaLR52vRa QWETEgUO9JKIO/3jnORbCsfIkzSWNYPhF4m2JaIKYWQpZJ03sYlzwvaFwGjSTjzWB3xy Ye0hmdZwlSoHLRSn3TEcxpd2pZZPvvaslmVo5w3qVVexoljDidm0PIkNlvExLH1F3Igy DWrU4ezHoCIdrN5bOq2DUn3Znp8JMUrkfhE6RTY4fYQVaR83Ozy/qFpDenkZQyTa7cY1 o785A8digfSwhkJYUjmw2rrbc6c+tPpEO0sZ5YeUOWxQjVVOL6Tli1x0F30BuY13xHa+ gqmw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=rvKMW58I8OeKu0YQmNMVtjgOwW8PTXB8immXpnypmYc=; b=lpi+Pe7CX0GUoUhgUJ2+QNMD8SctQnSCJQizyRublLZcSYGTCHhXUlyHMJvaxkI30d 7XXUkli6zIIfjIqpvB6llsIu51Jkg2vEyLd9I2pKyFuqrPVjZ4BGGKz/ISIecQA4d5t3 tne6/wSiFi5n4b9FytKKYiOX44ulvkgmUegkLVBMEA7NKUTUg/rJXMELnfj8b8bYeIkT RpPe5UOqYWMQAlob1Wy2+JUFc9pOjlONKUNkZ5lcj8HLDoaTPS5xPPjqZw01MwXV+qlF KZRz52LbR6MpXqNtiYVQq5rmQ9Ho3k5RxCMcisws7Mjl4Hkg8EMBS8US8/ygJ8YRNwZ2 h7qA==
X-Gm-Message-State: AN3rC/4fMTD3Gmxhd7naAAZTG4Vlf8U52qJc3rbdr4j5wDa6Injo/oZ2 O9Mx8zctOKl7RcbQVxfh7K2uF8Yc9ie6
X-Received: by 10.13.238.6 with SMTP id x6mr1459831ywe.243.1492958490702; Sun, 23 Apr 2017 07:41:30 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.37.105.84 with HTTP; Sun, 23 Apr 2017 07:41:10 -0700 (PDT)
From: Erik Kline <ek@google.com>
Date: Sun, 23 Apr 2017 23:41:10 +0900
Message-ID: <CAAedzxqP4-JeBL5W-2zG7p1fxwT6oHj29WAPVyQWK-hz20rX3A@mail.gmail.com>
To: David Bird <dbird@google.com>, Kyle Larose <klarose@sandvine.com>
Cc: captive-portals@ietf.org
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="94eb2c0361608a19ea054dd67c2a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/DT9q6G6oEGzIwYR7nh4vi9qMMnM>
Subject: [Captive-portals] thoughts on two documents
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 23 Apr 2017 14:41:35 -0000
All, I have the vague feeling that there might be some general agreement around the idea of having an ICMP unreachable code for captive portals (like an HTTP 511 code [https://tools.ietf.org/html/rfc6585#section-6] for ICMP :-), and it seems like there's no objection from captive portal implementers with respect to the basic functional elements captured in draft-larose-capport-architecture. Where I think some rough spots might lie for both of these is in their integration with as-yet-undecided new behaviour. To that point, I would like to take my co-chair hat off and ask the authors and the group for opinions of the following. [ draft-wkumari-capport-icmp-unreach ] There was some unresolved discussion about the contents of any included extension. I wonder if the extra payload parts might be removed (Dave Dolson's comment, I think?) and thereby simplify this version of the document. Given that Destination Unreachable is a TCP soft error (vis. RFC 5461) I'm not sure how much the proposed extra validation semantics are really adding. If the document simply said that receiving and authenticating an ICMP message with the capport code generically "MAY/SHOULD trigger the receiving node's captive portal handling subsystem", would that be something that folks might agree on? We'll need to run this whole thing by intarea and 6man as well, of course. And nothing stops us from proposing a mulit-part extension to be optionally included in a future document, once the captive portal interaction recommendations are more fully understood. [ draft-larose-capport-architecture ] I felt it was promising to hear some agreement about the functional elements of a captive portal system as documented. Given that the captive portal interaction process is still on-going work, would the document authors think it worth trying to advance the document with either (a) section 3 removed or (b) section 3 rewritten to describe broadly how most clients behave today? Even given the variety of clients I think it could be roughly captured (e.g. make a few sacrificial queries to trigger DNS/HTTP rewrites, keep trying until a sacrificial query produces an expected result while launching an HTTP-capable application, and so on). -Erik
- Re: [Captive-portals] thoughts on two documents Lorenzo Colitti
- Re: [Captive-portals] thoughts on two documents Dave Dolson
- [Captive-portals] thoughts on two documents Erik Kline
- Re: [Captive-portals] thoughts on two documents Erik Kline
- Re: [Captive-portals] thoughts on two documents Michael Richardson
- Re: [Captive-portals] thoughts on two documents Michael Richardson