Re: [Captive-portals] I-D Action: draft-ietf-capport-api-00.txt
David Bird <dbird@google.com> Tue, 06 February 2018 01:07 UTC
Return-Path: <dbird@google.com>
X-Original-To: captive-portals@ietfa.amsl.com
Delivered-To: captive-portals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2FFD412DA28 for <captive-portals@ietfa.amsl.com>; Mon, 5 Feb 2018 17:07:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.71
X-Spam-Level:
X-Spam-Status: No, score=-2.71 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kyuo_u2MwyA3 for <captive-portals@ietfa.amsl.com>; Mon, 5 Feb 2018 17:07:17 -0800 (PST)
Received: from mail-io0-x235.google.com (mail-io0-x235.google.com [IPv6:2607:f8b0:4001:c06::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D4B5012DA27 for <captive-portals@ietf.org>; Mon, 5 Feb 2018 17:07:16 -0800 (PST)
Received: by mail-io0-x235.google.com with SMTP id z6so700385iob.11 for <captive-portals@ietf.org>; Mon, 05 Feb 2018 17:07:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=mJLk84t7XyYs3n24vUxL5WPzOJdoKfwaD93ZUD6J0Zg=; b=UZthdFHWzODfnIRZdDtxl+EVMqGmXxQ58mpYc836opiTNzK0EK2Rq0xXF7ZVkBJKab K+8mRZZS/hgyxa2awxTLkgP+xLt9alVZfKNSCLRu+ZUouBY/i73owoIQ9k2mwJNTc8RW oJvlSFp8yW1T449AWWGw/gb0jbCKFBDaDbvYwoTBNsrJHRSdiB6ZvhPYoKYNyNbfY8iZ x8rqBHMTuwECqALTCW0U/uYnS8PgMOVhFmoHzVXar3OYhnyij7im7CUAeP4Nhpnzklnm 1378C3+CNJJzl4/4PQ9wjsLTahEcI5HY0IRFQthKG5byBztSF8htRnZqJgNdCWj/XKbg 7kkA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=mJLk84t7XyYs3n24vUxL5WPzOJdoKfwaD93ZUD6J0Zg=; b=KWbvfF/VVtVyY7X0PLV1SnbJ8rbaj6cNULLc2zI09Pk07csl1WYZiiVfrjJTI+toBz 03nfQ2Cl56AqU44OY3LrrKPqsmR4JRj2X19al7cc/e1U++ENwG3NmpXrn3vDWbO0Rbjy 8ZKL8rl4crePAw5rFgbSTUG4iMlfc2v6A/2JXJxXVJRyI/9WKRAXUn+PAoEIOJy2hi+d 0uoDls5x6dd3ipB2tT1kQLIf5cfbN07TjviH/5/g8eoe8pChE44QSbNOTIq6OLyMYjQV efkVPuaYdux8KJQzmg/dmk8HziOeGiYDOK4Ft3MIxbK5EqjND6r5NwZqJHfzIkPVsHJN tolQ==
X-Gm-Message-State: APf1xPC383DbVkKBhAbXcKOt8is31jeQj2o3lzPeaUJMbSiV92zEiS0B YmwhN+KhlUsif6nGWOIkfIFX3jzUpOHW9a5rMwYlTYBJ
X-Google-Smtp-Source: AH8x224hp1pXY3exkyNlsnK5K4aij/y3OBjl0P9YDvXtni/mWX1rKCxvtxhxi75EN71lkT7rYtpdhmqRNo3KWZt9Qjs=
X-Received: by 10.107.23.7 with SMTP id 7mr964156iox.62.1517879235807; Mon, 05 Feb 2018 17:07:15 -0800 (PST)
MIME-Version: 1.0
Received: by 10.2.137.229 with HTTP; Mon, 5 Feb 2018 17:07:15 -0800 (PST)
In-Reply-To: <CABkgnnX2iQwDR_zgk15OQSCWh1pJBrJRvTwmEHbvsecaoQOuow@mail.gmail.com>
References: <151778535115.5816.386541967960931391@ietfa.amsl.com> <CADo9JyV2Rz2B9H_h9JMne7XLtMeVb2OajheZ86i5g8nsPmmFOw@mail.gmail.com> <CABkgnnW_x6sokdEo-yyzk0DKFqom6b7aHpoLgRnBHOW_cGB6yA@mail.gmail.com> <CADo9JyXRtyuzoWJKA+aASGh-bEJ8hi323VRdBeyqsgXwNxSkbw@mail.gmail.com> <CADo9JyVtKMCwcXsZgfNSJ8VshjaTxSPS7YWro71Z4Y7K4UWFxA@mail.gmail.com> <CABkgnnX2iQwDR_zgk15OQSCWh1pJBrJRvTwmEHbvsecaoQOuow@mail.gmail.com>
From: David Bird <dbird@google.com>
Date: Mon, 05 Feb 2018 17:07:15 -0800
Message-ID: <CADo9JyWyv=d9osYiRRAG4cav6zGbS4imstV0TJcP4fbTaYamUg@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: captive-portals@ietf.org
Content-Type: multipart/alternative; boundary="001a114f7752aa3883056480cc38"
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/FJM1EX0ZHXmWBbm2MBC9sUfzxs8>
Subject: Re: [Captive-portals] I-D Action: draft-ietf-capport-api-00.txt
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Feb 2018 01:07:19 -0000
On Mon, Feb 5, 2018 at 4:54 PM, Martin Thomson <martin.thomson@gmail.com> wrote: > On Tue, Feb 6, 2018 at 8:41 AM, David Bird <dbird@google.com> wrote: > >> I have heard UE vendors express a strong desire to be able to know > >> about status before they attempt to use the network. > >> > > > > Hm, but (assuming you are using the provided network for DNS, CRL checks, > > and the API itself), the UE is *already* using the network. > > Not really. The way I understand it, the UE alters routing tables so > that only applications that explicitly opt in to using the interface > to the network can do so. That state exists until the network is > given an "all clear". > I understand that. But, *really*, the application(s) that opt-in, as it were, are using the network... DNS, HTTPS (to the API), etc. I'm not overly comfortable designing network protocols around, basically, UE limitations and easy of programming... The UE *could* be more flexible... > > > I believe this desire on the UE vendor part is a case of 'be careful what > > you wish for' ... Having an API telling you it is "all clear" vs "do > > internal (often sandboxed for various reasons browser) captive portal > > dialog" amounts to making this a configuration of the network > administrator > > -- Remember the (current) arms race concerning captive portal detection? > > Well, the network operator wins with this API (!). > > Remember we already concluded that if the network wants to lie about > status, we aren't planning to stop them. There are still some > discussions to be had about providing incentives to be truthful, but > it's possible that we could never really plumb the depths of that > issue productively, so we've been deferring it. > > My point is... that the reason for the "arms race" is user expectations and the UE trying to determine possible issues in the network... My prediction remains that the UE vendors will *still* opt to test the network even with the API -- because they still have users, with expectations... > > Over the years on this list we have seen many use-cases come through, I > > recall: > > > > - A school/library network that allows most of the Internet, but > captures > > and redirects for certain networks / sites > > - A network allows all sorts of protocols - IMAP, HTTPS, for example - > > but not others - like HTTP, SMTP - and want to redirect / signal portal > > - A network that allows all Internet traffic, but just at a low QoS > tier. > > No "captive" portal, but a portal is yet available for upgrading tier > > - Any network that allows a large walled garden, or even a *very large* > > garden, but otherwise has a captive portal > > - A network that will 99.99% of the time allow all traffic, but will > > (perhaps because of virus detection) interrupts sessions into captive > state > > [technically, this is a "boolean" use-case, but one where polling would > just > > be huge noise] > > I'd say that the amount of information provided here is rich enough > that you want to talk to a human. Very few networks permit sending of > arbitrary packets to arbitrary hosts and the receipt of similar. The > point is to ensure that you are managing expectations. If I > understand the expression of requirements, the idea is that a UE can > use the boolean signal, but this other stuff is better presented on > the web page. If the network starts off in a captive state, then that > page will be seen (if there is a human), and maybe not used (if there > isn't). > > I'm not sure I follow that statement... > > Clients that go idle typically have their session terminated - so, yes, > it > > does save the user time (depending on "time" is billed - real time vs > > metered, etc). > > Right. Though this is relatively rare in my experience. In those > cases, I think that the idea is that the client can check with the API > before its time comes due and notice the resulting extension and so go > back to sleep. What's rare, metered time based access??
- [Captive-portals] I-D Action: draft-ietf-capport-… internet-drafts
- Re: [Captive-portals] I-D Action: draft-ietf-capp… David Bird
- Re: [Captive-portals] I-D Action: draft-ietf-capp… Martin Thomson
- Re: [Captive-portals] I-D Action: draft-ietf-capp… David Bird
- Re: [Captive-portals] I-D Action: draft-ietf-capp… Martin Thomson
- Re: [Captive-portals] I-D Action: draft-ietf-capp… Tommy Pauly
- Re: [Captive-portals] I-D Action: draft-ietf-capp… David Bird
- Re: [Captive-portals] I-D Action: draft-ietf-capp… Lorenzo Colitti
- Re: [Captive-portals] I-D Action: draft-ietf-capp… Martin Thomson
- Re: [Captive-portals] I-D Action: draft-ietf-capp… Lorenzo Colitti
- Re: [Captive-portals] I-D Action: draft-ietf-capp… David Bird
- Re: [Captive-portals] I-D Action: draft-ietf-capp… David Bird
- Re: [Captive-portals] I-D Action: draft-ietf-capp… David Bird
- Re: [Captive-portals] I-D Action: draft-ietf-capp… Michael Richardson
- Re: [Captive-portals] I-D Action: draft-ietf-capp… Michael Richardson