Re: [Captive-portals] Call for adoption draft-ekwk-capport-rfc7710bis

Kyle Larose <kyle@agilicus.com> Thu, 28 March 2019 18:08 UTC

From: Kyle Larose <kyle@agilicus.com>
Date: Thu, 28 Mar 2019 14:08:14 -0400
To: David Bird <dbird=40google.com@dmarc.ietf.org>
Cc: Martin Thomson <mt@lowentropy.net>, captive-portals@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/NxqmHqqw1n6RFJIycMCyPr8UBbE>
Subject: Re: [Captive-portals] Call for adoption draft-ekwk-capport-rfc7710bis

David,

On Wed, 27 Mar 2019 at 08:26, David Bird <dbird=40google.com@dmarc.ietf.org> wrote:
>
> This is assuming that DHCP and RA will be handing out unique URLs to UEs encoded with the necessary token identifying the UE.
>

At IETF 100 we discussed how the various components interacting with the captive portal would be identified. One of the methods was "implicit" identification -- i.e. rely on the source MAC, IP, etc. to identify. If the API end-point is located such that this is feasible, then the DHCP/RA won't need to encode the identity in the URL. That said, this does restrict where the API could be, unless the Enforcement Device can tunnel the request to the API with some form of identifying characteristic contained in the encapsulation's metadata, or someone figures out a simpler technique to securely augment the request with the necessary info. I'm not sure how people feel about that, or whether it is truly feasible.

> If that is not possible, then the URL is likely to be anything outside the walled garden so that the API end-point gets caught up in the existing HTTP redirection to get the right UE specific URL.

To clarify, you mean *not* likely, right?

Overall, I don't think (correct me if I'm wrong) we're saying that the captive portals will immediately stop doing the redirection. Rather, they will likely continue to support that until a critical mass of UEs support the new mechanisms.
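
The identification options discussed in this message, sketched as an added example that is not part of the original post or of any CAPPORT draft: an API end-point that accepts a per-UE URL token, falls back to implicit identification by source address, and otherwise trusts a UE address only when a known Enforcement Device relays it with a valid tag. All addresses, header names (`X-UE-Address`, `X-UE-Auth`), keys and session tables are hypothetical.

```python
import hashlib
import hmac
import ipaddress

# Everything below is constructed for illustration (documentation address ranges).
CLIENT_NET = ipaddress.ip_network("192.0.2.0/24")         # UEs that reach the API directly
ENFORCER_ADDRS = {ipaddress.ip_address("198.51.100.1")}   # Enforcement Device relaying requests
ENFORCER_KEY = b"constructed-demo-key"                    # shared by API and Enforcement Device
SESSIONS_BY_IP = {"192.0.2.23": "ue-23", "192.0.2.40": "ue-40"}
SESSIONS_BY_TOKEN = {"tok-9f2c": "ue-40"}                 # token embedded in a per-UE URL


def sign_ue(ue_ip: str) -> str:
    """Tag the Enforcement Device attaches to the UE address it asserts.

    Only the address is covered to keep the example short; a deployment
    would also cover a nonce or timestamp so a captured tag cannot be replayed.
    """
    return hmac.new(ENFORCER_KEY, ue_ip.encode(), hashlib.sha256).hexdigest()


def identify_ue(peer_ip: str, path: str, headers: dict):
    """Return (session, method) for an API request, or (None, reason)."""
    # 1. Explicit: DHCP/RA handed this UE a unique URL that carries its token.
    token = path.rstrip("/").rsplit("/", 1)[-1]
    if token in SESSIONS_BY_TOKEN:
        return SESSIONS_BY_TOKEN[token], "url-token"

    peer = ipaddress.ip_address(peer_ip)
    # 2. Implicit: the API is placed where it sees the UE's own source address.
    if peer in CLIENT_NET:
        session = SESSIONS_BY_IP.get(peer_ip)
        return (session, "implicit") if session else (None, "unknown-ue")

    # 3. Relayed: only a known Enforcement Device may assert a UE address,
    #    and the assertion must verify; client-supplied headers are ignored.
    ue_ip = headers.get("X-UE-Address", "")
    tag = headers.get("X-UE-Auth", "")
    if peer in ENFORCER_ADDRS and hmac.compare_digest(
        tag.encode(), sign_ue(ue_ip).encode()
    ):
        session = SESSIONS_BY_IP.get(ue_ip)
        return (session, "relayed") if session else (None, "unknown-ue")
    return None, "unidentifiable"
```

A request from outside the client network that merely copies the relay headers falls through to `unidentifiable`, which is the case where the shared URL would still need the existing redirection or a per-UE URL.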