IETF Logo Mail Archive

Re: [Captive-portals] Arguments against (any) Capport "API"

Christian Saunders <Christian.Saunders@sjrb.ca> Wed, 05 April 2017 17:30 UTC

Return-Path: <Christian.Saunders@sjrb.ca>
X-Original-To: captive-portals@ietfa.amsl.com
Delivered-To: captive-portals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 246CB126C7A for <captive-portals@ietfa.amsl.com>; Wed, 5 Apr 2017 10:30:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.59
X-Spam-Level:
X-Spam-Status: No, score=-2.59 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sjrb.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h9Q8Wvi02bhx for <captive-portals@ietfa.amsl.com>; Wed, 5 Apr 2017 10:30:23 -0700 (PDT)
Received: from prdcg4ipta02x-ext.shaw.ca (prdcg4ipta02x-ext.shaw.ca [204.209.208.147]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A7DF0128C81 for <captive-portals@ietf.org>; Wed, 5 Apr 2017 10:30:21 -0700 (PDT)
X-IronPort-AV: E=Sophos; i="5.37,279,1488870000"; d="scan'208,217"; a="69464061"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=SJRB.onmicrosoft.com; s=selector1-sjrb-ca; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=0kASgoY12EZ88yTisCw82bKPfNeD50t5/UVLP9gJA9Y=; b=aIrCD0p0eTIpBspxW4TB/aP5aovZ3OUjShS1X3Q0NEz/2lBjf89dH92fixo4UugTei6JqVokPmK/UdS3mWPjQItTzfeuPYvJ3f9nJTOKU/pUW436L0WHafVSuThJoexhdwZ/66PulRCkdsyS6fXiBn87WmREL+Vjn9fGbu/ZsvI=
From: Christian Saunders <Christian.Saunders@sjrb.ca>
To: David Bird <dbird@google.com>
CC: "captive-portals@ietf.org" <captive-portals@ietf.org>
Thread-Topic: [Captive-portals] Arguments against (any) Capport "API"
Thread-Index: AQHSrXZ7NljHjdeUFkmXES27Lm70saG1nKgAgAACQoCAAI3uAIAAkrCAgAAkegCAAA45gIAABVEAgAADdACAAAPJgIAABsAAgAAEH4A=
Date: Wed, 05 Apr 2017 17:30:16 +0000
Message-ID: <c7ace5a6-8b0d-40d8-066c-dea49a9dd4e0@sjrb.ca>
References: <CADo9JyU2wiEBB4L7ADSybt9se7jCN764JSEoHuGTcuiU_jDscQ@mail.gmail.com> <alpine.DEB.2.02.1704042139110.27978@uplift.swm.pp.se> <CADo9JyVr07w5GRpF+UzSBHRuo=V=3p9MeyhFdzB+5pZk7_amNw@mail.gmail.com> <alpine.DEB.2.02.1704050613130.27978@uplift.swm.pp.se> <CADo9JyXMkqomOpvUWhzZs77eOPvx-g0L-tR5oSz6D4mfjaaUWQ@mail.gmail.com> <c878b23d-c078-987f-84e0-2a99f2e08dbd@sjrb.ca> <CADo9JyUyQo++b=_oLHd33vjsA_KxLcwwTFjb3T4PDeWmyBfPwQ@mail.gmail.com> <CADo9JyUwVp+xkO444NRH=oMW++MJeCpPHo+j6vg8hfA6wBYGKw@mail.gmail.com> <c57d722e-6d1e-7023-dcf2-a589a8d3d5cc@sjrb.ca> <E8355113905631478EFF04F5AA706E9870579542@wtl-exchp-1.sandvine.com> <CADo9JyWPQeDO1iDDi_ywQie21UgcaBuOArZ+wBBxkRV1E6YA_Q@mail.gmail.com>
In-Reply-To: <CADo9JyWPQeDO1iDDi_ywQie21UgcaBuOArZ+wBBxkRV1E6YA_Q@mail.gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
authentication-results: google.com; dkim=none (message not signed) header.d=none;google.com; dmarc=none action=none header.from=sjrb.ca;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [204.209.209.138]
x-microsoft-exchange-diagnostics: 1; MWHPR04MB0654; 7:HowoYAnqZa5KZ8MK2eGYsKXBH2cEhgziKRqHyO/n6H2hqWMotFa8r2Pk9QqKuU83NUBy59mtq5xv0m+JvjoxT5xuUIRmw8EwVLcDCK9rV+3uug48YlQZ2osPApFDUX401fhVFbrofA0V5Q9YqWEKdj7l59qVsFBT4E5oscx1nQBaBbDCmxNYnBi6peJdMLJZeCP7obBACyzqtZv1EJNyhQJw/rZDtmwM2TwMY1IFBCgsnZgREYBmm7KL+OUDC++EjA11BDmDxl8x+U+GXezX8rX8pi/rYYXdbo7in9RAsNMJTbD/PEurJdFkt86Hy/ir7epzikPYz8pIOyQ4p3jOfA==
x-forefront-antispam-report: SFV:SKI; SCL:-1SFV:NSPM; SFS:(10009020)(39450400003)(39840400002)(39410400002)(39850400002)(39400400002)(377424004)(24454002)(377454003)(4326008)(7906003)(110136004)(53936002)(38730400002)(6246003)(53546009)(7736002)(2906002)(54896002)(2950100002)(6916009)(99286003)(6506006)(36756003)(93886004)(229853002)(86362001)(6486002)(25786009)(77096006)(31696002)(6436002)(606005)(6116002)(102836003)(122556002)(8936002)(6512007)(6306002)(8676002)(33646002)(4001350100001)(2900100001)(189998001)(65956001)(66066001)(5660300001)(83506001)(3660700001)(236005)(76176999)(3280700002)(54356999)(50986999)(74482002)(31686004)(81166006)(3846002); DIR:OUT; SFP:1101; SCL:1; SRVR:MWHPR04MB0654; H:MWHPR04MB0655.namprd04.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
x-ms-office365-filtering-correlation-id: fd92ea76-bf43-4e1c-fd14-08d47c496cd9
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(201703131423075)(201703031133081); SRVR:MWHPR04MB0654;
x-microsoft-antispam-prvs: <MWHPR04MB0654C922B5A7B97F113D939C890A0@MWHPR04MB0654.namprd04.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(192374486261705)(211936372134217)(275809806118684);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(93006095)(93001095)(6041248)(20161123555025)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(20161123564025)(20161123560025)(6072148); SRVR:MWHPR04MB0654; BCL:0; PCL:0; RULEID:; SRVR:MWHPR04MB0654;
x-forefront-prvs: 0268246AE7
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_c7ace5a68b0d40d8066cdea49a9dd4e0sjrbca_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Apr 2017 17:30:16.4693 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 8b30192e-1388-4ed6-8208-e35dd72ad2ad
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR04MB0654
X-OriginatorOrg: sjrb.ca
X-TM-AS-Product-Ver: SMEX-11.0.0.4255-8.100.1062-22988.001
X-TM-AS-Result: No--26.755200-0.000000-31
X-TM-AS-User-Approved-Sender: Yes
X-TM-AS-User-Blocked-Sender: No
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/FX7SWIdapJxhplKMWb4EQzmCKI0>
Subject: Re: [Captive-portals] Arguments against (any) Capport "API"
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Apr 2017 17:30:26 -0000

Does WISPr support all of the use cases?  Is there a publicly available source for the WISPr XML spec?

Cheers!

Christian

On 17-04-05 11:15 AM, David Bird wrote:
I agree with that... but, to be clear, it really is just an improvement on WISPr XML, and with WISPr XML already, not only used, but used to make money, the reasons for supporting this API MUST be inline with the venue/Operator needs. 'Automating login' (as a focus for the API) quickly becomes venue / regional / legal / vertical / application / access policy dependent.. Not to mention, I question the value for the user in making it super simple for their devices to auto-login into public access networks (without clear user intent). This seems irresponsible, on our part, when there are solutions out there already that do automate this login, but only after taking extra security measures (presumably, hotspot aggregators conceal your identity when roaming, and their Apps can do more things).

On Wed, Apr 5, 2017 at 9:51 AM, Dave Dolson <ddolson@sandvine.com<mailto:ddolson@sandvine.com>> wrote:
This is OK if you only need to serve devices with browsers and attentive humans.
The API offers possibilities for automation in the device by making a formal data model (vs. HTML).


From: Captive-portals [mailto:captive-portals-bounces@ietf.org<mailto:captive-portals-bounces@ietf.org>] On Behalf Of Christian Saunders
Sent: Wednesday, April 5, 2017 12:38 PM
To: David Bird
Cc: captive-portals@ietf.org<mailto:captive-portals@ietf.org>
Subject: Re: [Captive-portals] Arguments against (any) Capport "API"

The currently proposed solution has 3 components:


1. The ICMP component is used to detect a captive network.

2. The DHCP component is used to discover the address of the Captive Portal.

3. The API is an information service with a standardized interface that allows discovery and potentially remediation of the requirements for network access.

The ICMP and DHCP components are sufficient to resolve the redirection and HTTPS issue.

I would consider the API as an optional component - it might create some user experience benefits if the device developers and network operators choose to use it.

The difficulty with the API is having a way of codifying all of the possible network access requirements.  I'm not sure this is reasonably possible.

Assuming that such a definition is possible, then there is some benefit to the common definition.

(It also strikes me that this definition would make a nice back end design for the Captive Portal itself.)

Cheers!

Christian


On 17-04-05 10:25 AM, David Bird wrote:
Edits in-line :)

On Wed, Apr 5, 2017 at 9:06 AM, David Bird <dbird@google.com<mailto:dbird@google.com>> wrote:
A few more key benefits of the ICMP approach :

- Capport detection is made easier for the client, even when RFC 7710 (or any API) is NOT implemented (as long as the NAS is Capport compliant).

- "Signaling" can be done by different components (NAS, iptables, rate-limiter, PCEF, etc), without (necessarily) needing to coordinate with a central service.

- In defining the RFC in how a NAS should handle blocking traffic for Capport compliant devices, we are also defining how the NAS should handle Legacy devices - which is, there is no difference - they both get ICMP Dest Unreach w/Capport extension) - which is helpful.







_______________________________________________
Captive-portals mailing list
Captive-portals@ietf.org<mailto:Captive-portals@ietf.org>
https://www.ietf.org/mailman/listinfo/captive-portals

v2.23.0 | Report a Bug | By Email