Re: [Captive-portals] Last Call: <draft-ietf-capport-architecture-08.txt> (CAPPORT Architecture) to Informational RFC

Martin Thomson <mt@lowentropy.net> Tue, 12 May 2020 23:49 UTC

Message-Id: <7b13924e-324c-4dd5-81c3-ec91ef8c4602@www.fastmail.com>
In-Reply-To: <CA+nkc8CrRp+C_pFopgWRNCoCYD8s0HGd-_Xhs-ACfm6279shNA@mail.gmail.com>
References: <158921606984.25307.13122538106790691765@ietfa.amsl.com> <CA+nkc8Axa4QrmQH9SYug-eBG+UuUZ-vvys=itkCUs-sVLRDjHA@mail.gmail.com> <CACuvLgww+zSWHRdQ5zs94ARJcf9J2Rzx4Ob6fpoaQquuVgR8ww@mail.gmail.com> <CA+nkc8CrRp+C_pFopgWRNCoCYD8s0HGd-_Xhs-ACfm6279shNA@mail.gmail.com>
Date: Wed, 13 May 2020 09:48:41 +1000
From: "Martin Thomson" <mt@lowentropy.net>
To: captive-portals@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/Eb1c0apPfmLQ1_mPGgrxOSaB-cY>
Subject: Re: [Captive-portals] Last Call: <draft-ietf-capport-architecture-08.txt> (CAPPORT Architecture) to Informational RFC

On Tue, May 12, 2020, at 22:32, Bob Harold wrote:
> >  How does the capport wg feel as a whole about this question? [MAC as identifier]
> 
> I am also wondering the same thing. 

We did discuss this, if I recall.  From memory, there were a few reasons not to go further:

MAC randomization means that the identifier might not be stable (I don't think that this is relevant in retrospect as MAC is no worse in this way than IP)

The nature of MAC and what entities could access that information means that it is more vulnerable to spoofing.  That is, an entity that is not on the same network segment would be unable to see the MAC and verify that incoming data was attributed to the UE.

No one volunteered to do a more thorough analysis.  As we have the generic criteria Kyle refers to, that was considered enough.
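The segment-visibility argument above (a MAC is only observable by components on the same link, because each IP hop rebuilds the Ethernet header) can be made concrete with a small simulation. This is an added example and not code from the thread or from the CAPPORT drafts; the component names follow the architecture draft, and every address, segment label and the request path are constructed for the illustration.

```python
"""Simulate which source identifiers each CAPPORT component can observe.

Topology (constructed for this example):
  UE ---[access segment]--- enforcement device (transparent bridge) --- router ---[core segment]--- API server

The enforcement device sits on the UE's own segment and sees the UE's
frames unchanged.  The router forwards the IP packet to the core segment
and, as any IP router does, rewrites the Ethernet source/destination MACs
to its own outgoing interface and the next hop.  The API server therefore
sees the UE's IP address but the router's MAC, so it cannot verify a
MAC-based identity claim, while the enforcement device can.
"""
from __future__ import annotations

from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Frame:
    """Ethernet frame carrying an IP packet; only the fields we need."""
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    payload: str


@dataclass(frozen=True)
class Interface:
    mac: str
    ip: str
    segment: str  # constructed segment label: "access" or "core"


@dataclass
class Router:
    """Forwards between segments, rebuilding the L2 header at each hop."""
    ifaces: dict[str, Interface]  # segment label -> interface on that segment

    def forward(self, frame: Frame, out_segment: str, next_hop_mac: str) -> Frame:
        out = self.ifaces[out_segment]
        # IP header is preserved; Ethernet header belongs to the new link.
        return replace(frame, src_mac=out.mac, dst_mac=next_hop_mac)


# Constructed addresses (documentation ranges / locally administered MACs).
UE = Interface(mac="02:00:00:aa:bb:01", ip="192.0.2.10", segment="access")
ROUTER = Router({
    "access": Interface(mac="02:00:00:aa:bb:ff", ip="192.0.2.254", segment="access"),
    "core": Interface(mac="02:00:00:cc:dd:01", ip="198.51.100.1", segment="core"),
})
API_SERVER = Interface(mac="02:00:00:cc:dd:10", ip="198.51.100.10", segment="core")


def observed_identifiers(frame: Frame) -> dict[str, str]:
    """What an observer on the wire can attribute the frame to."""
    return {"mac": frame.src_mac, "ip": frame.src_ip}


def path_observations(ue: Interface, api: Interface) -> dict[str, dict[str, str]]:
    """Return the (src_mac, src_ip) each component sees for one UE -> API request."""
    frame = Frame(
        src_mac=ue.mac,
        dst_mac=ROUTER.ifaces[ue.segment].mac,  # UE sends to its default gateway
        src_ip=ue.ip,
        dst_ip=api.ip,
        payload="GET /captive-portal/api",  # constructed request, not a real API path
    )
    seen = {}
    # Transparent bridge on the access segment: frame passes through unchanged.
    seen["enforcement_device"] = observed_identifiers(frame)
    # One routed hop: the L2 header now names the router, not the UE.
    forwarded = ROUTER.forward(frame, api.segment, next_hop_mac=api.mac)
    seen["api_server"] = observed_identifiers(forwarded)
    return seen


def can_verify_mac(observed: dict[str, str], claimed_mac: str) -> bool:
    """An observer can only check a MAC claim against the MAC it actually saw."""
    return observed["mac"] == claimed_mac


if __name__ == "__main__":
    for component, ids in path_observations(UE, API_SERVER).items():
        verdict = "can" if can_verify_mac(ids, UE.mac) else "cannot"
        print(f"{component:19s} sees mac={ids['mac']} ip={ids['ip']} -> {verdict} verify UE MAC")
```

Run as a script, the output shows the enforcement device seeing the UE's MAC and IP while the API server sees the UE's IP together with the router's core-side MAC; the IP address is the only identifier both components observe consistently, which is the property the architecture relies on when it binds captive state to an IP rather than a MAC.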