Re: [Captive-portals] Use Case: "Carrier Grade Captive Portal"

"Livingood, Jason" <Jason_Livingood@comcast.com> Fri, 02 June 2017 12:48 UTC

From: "Livingood, Jason" <Jason_Livingood@comcast.com>
To: Martin Thomson <martin.thomson@gmail.com>
CC: Warren Kumari <warren@kumari.net>, Dave Dolson <ddolson@sandvine.com>, Heiko Folkerts <heiko.folkerts@bsi.bund.de>, "captive-portals@ietf.org" <captive-portals@ietf.org>, "Herzig, Willi" <willi.herzig@bsi.bund.de>, Gunther Nitzsche <gnitzsche@netcologne.de>
Date: Fri, 02 Jun 2017 12:47:53 +0000
Message-ID: <AD3F2B14-E9AD-4156-96A6-9B83F8545B54@cable.comcast.com>
References: <201705031442.50683.heiko.folkerts@bsi.bund.de> <E8355113905631478EFF04F5AA706E98705C6C57@wtl-exchp-1.sandvine.com> <CAHw9_iJARf4MUA8nHqHA54jLvJNq-_Vek67A-rjHpSK6vC7r+Q@mail.gmail.com> <1BB90528-B35F-43F0-AF18-0215DC735FF0@cable.comcast.com> <CABkgnnWT6Xtqyx6pofpNOGa5E1FjJO1gPX1axmmiRaMnzxdoPg@mail.gmail.com>
In-Reply-To: <CABkgnnWT6Xtqyx6pofpNOGa5E1FjJO1gPX1axmmiRaMnzxdoPg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/EzDkJpp1B9MWELkmcwpF1BejtY4>
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>

On 5/31/17, 9:07 PM, "Martin Thomson" <martin.thomson@gmail.com> wrote:

    On 1 June 2017 at 08:23, Livingood, Jason <Jason_Livingood@comcast.com> wrote:
    > In any case, this is very much in scope IMO – so agree with others here. With the rise of IoT compromises the need for these sorts of notifications will only rise and will be critical to maintaining the security & integrity of the Internet.
    
    Just trying to understand this.  Jason, can you expand on your
    assertion that insertion of notices in HTTP messages (I assume
    response bodies) is critical to security & integrity?
    
[JL] I am not suggesting that insertion of notices in HTTP messages is the method to use (it just happens to be how we do it today). I’m merely confirming that others share the same use case specified by the German Federal Office for Information Security. FWIW, I presented on this need at the BoF IIRC. The RFC I referred to has some info as well, but it is not the best method, which is why I hope that CAPPORT will provide a better alternative.

[JL] But let me summarize the malware/hacked IoT device use case. A computing device is compromised and being used as part of a DDoS attack (a la the Dyn attack) or sending spam or doing keylogging or whatever. One alternative is to put them in a walled garden with CAPPORT whereby they have no access from any device in the home or, if the network architecture can do it, no access for only that specific device (other devices have unfettered access). The CAPPORT walled garden page would direct the device(s) or user(s) to a page explaining what the malware is and how to remediate, for example. Another alternative is a method to direct a device to a page / deliver a message about this malware issue without otherwise affecting or constraining their Internet access. In this alternative method, the objective is to get a critical security message to the user (e.g. Device X has malware Y and needs to be fixed ASAP) while not affecting things like gaming, OTT voice, OTT video, etc.

Jason