IETF Logo Mail Archive

Re: [Captive-portals] Signals from the network and ICMP

Martin Thomson <martin.thomson@gmail.com> Wed, 02 May 2018 07:36 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: captive-portals@ietfa.amsl.com
Delivered-To: captive-portals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B90B012D878 for <captive-portals@ietfa.amsl.com>; Wed, 2 May 2018 00:36:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bvAYoPhx2dDZ for <captive-portals@ietfa.amsl.com>; Wed, 2 May 2018 00:36:47 -0700 (PDT)
Received: from mail-oi0-x230.google.com (mail-oi0-x230.google.com [IPv6:2607:f8b0:4003:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2587F126C2F for <captive-portals@ietf.org>; Wed, 2 May 2018 00:36:47 -0700 (PDT)
Received: by mail-oi0-x230.google.com with SMTP id b130-v6so12087399oif.12 for <captive-portals@ietf.org>; Wed, 02 May 2018 00:36:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=4VhXL1A6XQKHhsRR0FoS9TexIQux48VsFx8HA0OSljk=; b=VZ4AAGR+VCauljIckZcUT3HNzQGgRLuEDEdEmcgdcVDCc9gIF2biyCTVMn4scV6LBV 6f6uoN/CV0LZdLCN45pawfWI8SEXJ7jlUiOkahxQLXn4K/LIDpMovL3JQQeu9XC/h5nN 1x0z4rP/Okb2yLTKOwyx4jVhmk/GEW1ooo1hln7fKo2dCbNdzk2QesJ4cbgp3L2uI0r+ hgqGIiMZ/qGnKRanGVqFFv89Ref4/VRnRxN37LYjgZ80wgrRieQYfVd472zW+s6vGbU5 fs9mJCt+xBXkapDw1NlqT7bGMiv66uDQ4KNCalyU59nJv3pLK0wvihrigsrPvtxhRaPr NFQA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=4VhXL1A6XQKHhsRR0FoS9TexIQux48VsFx8HA0OSljk=; b=uKgsqMkesGGfpNukYr/GPUEy/SxQttt04sX/BulLRDj+AsWmDqnBcdj01IVQDkmHAi JTdV+nkEvbAguDWUugbB66Gr/GVbRPfstKrrsFSE5iu3hYghoOZ6NDLZE8ktCu7/PjXp +qd9DR1EOM0iELbaCNvw8dJ24ExaKkcjnULEyH3NO3Eg6dMSFscNAPiKb/VrzqsO9N1b 5RY9ZeWvgdXt/cBsvk3TFbVg5dg3z35FKKrwvsuBRIGbt4n3LJPkwkpS8hAQ9Vqaq89Q nXxqtXMNS72ei6gsZDDViea2W6B5cKtLPd4IvUM/qx3AD5OKI9JL94+psXKCcZZAdTqj d2KA==
X-Gm-Message-State: ALQs6tCJO24YImAobjsRqJj0SxATlyM8kp0+qzCoiWjRedQJOEaiGvUO ejtm+sN5TnoaGcf5pQXAn1WL4C6UCnWjMNbDsTNMMgbI
X-Google-Smtp-Source: AB8JxZrbqSUPiE/3rBgp2N/0656VPMjMgSBaWilyCS055mKA2itU+RRzNRXpObycj3NDC7FRw34W+14+rsZ7pr45im4=
X-Received: by 2002:aca:3905:: with SMTP id g5-v6mr10050000oia.215.1525246606260; Wed, 02 May 2018 00:36:46 -0700 (PDT)
MIME-Version: 1.0
References: <CABkgnnX74Bz0XPpwbTH=mzuAoZ4UjHt10bZn1TdJ8vFCeQny-A@mail.gmail.com> <b330b6f9-faaa-5a01-0f30-f5d8ca136fc7@golden.net> <CAAedzxr8KKks0djZsUYgi_eZQqYZqttppoCU2LhjqXP6cPPZdA@mail.gmail.com>
In-Reply-To: <CAAedzxr8KKks0djZsUYgi_eZQqYZqttppoCU2LhjqXP6cPPZdA@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 02 May 2018 07:36:35 +0000
Message-ID: <CABkgnnUcXUbZH3D=1K_h0P2GR5Y_sxV_UNpSLZUT+rWqwup6Gg@mail.gmail.com>
To: Erik Kline <ek@google.com>
Cc: ddolson@acm.org, captive-portals@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/PzrQwkE-jDdfj_elp5TY-AwJBtk>
Subject: Re: [Captive-portals] Signals from the network and ICMP
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 May 2018 07:36:50 -0000

Just to reiterate what Erik said here.  Based on the discussion in London
we have a better (but not perfect) understanding of what a signal would
need to look like.  But until we have a concrete proposal that fits the
requirements, all we have is a liability.  As a chair, I'm interested in us
completing our work and decoupling a contentious - and therefore risky -
component allows us to complete some work.

I encourage those who believe that a signal is important to make a
proposal.  My strong sense from the group is that
draft-wkumari-capport-icmp-unreach is a too ambitious, but something along
the lines of what is currently described in the architecture document -
which is much more narrowly constrained along the lines Dave (Dolson)
described upthread - might reach consensus.

I think that we were close to agreement about a simple signal that prompted
checking with the API.  I know that David (Bird) has some reservations
about this regarding the layer at which signals are produced and consumed,
but my sense is that the group felt that it was easier if any rich
signaling was kept at a higher layer of the stack.

The form of that signal is next to consider.  We have discussed ICMP
DestUnreach with a both new and existing codes.  The feedback in London was
that maybe DestUnreach has some downsides and a new message would be
better.  A new ICMP message would allow for use prior to the network access
being revoked, so it has that in its favour.  Then there are other methods
for signaling, such as a UDP packet to a registered port.

If someone were willing to present a solution that meets all the
requirements (or presented arguments for why particular requirements aren't
applicable or necessary), then I think we could proceed and we would talk
about adoption.  That would allow all our documents to proceed together.

Until we have that proposal, this signaling channel is a risk.  The
solution we have isn't an ideal solution from all perspectives without this
signal.  However, I think that we have a substantial number of people (if
not consensus) that - even with no signal - what we have is an
improvement.  More importantly, that we are not preventing the later
addition of a signal.

Therefore, until we have a concrete solution, I suggest the following
concrete actions:

1. remove the "hmac-key" from the API (that's easy, and I think that we're
resolved on that point)

2. make the text on the signal generic rather than specifically talking
about ICMP

3. some to volunteer to design a simplified signal and propose a design

On this second point, I'd suggest that the editors hold off on making that
change so that we can let this discussion evolve a little more.  It seems
like we are still undecided here and I wouldn't want to make the change,
discover that we have a draft that has consensus, and then revert it soon
afterwards.

On Tue, May 1, 2018 at 1:56 PM Erik Kline <ek@google.com> wrote:

> I was unable to make it to London, but I was able to watch the session
> on Youtube.  The ICMP discussion begins here:

>      https://www.youtube.com/watch?v=tavhoXNVcP8&t=1h12m5s

> and carries on until Darshak's presentation starts at t=1h45m35s (a
> good 30+ minutes).

> My reading of that portion of the session was not that ICMP was
> "unsuitable", but rather that there wasn't consensus in the room to
> move forward with anything in particular at that time--other than a
> discussion about requirements (i.e. the thread to which Martin
> linked).

> I would say the aim here was to "unhook" the ICMP discussion from the
> other work (architecture-cum-API), so both could proceed at their
> relative paces.

> <chair_hat="off">

> There seemed to be much mic discussion about host behavior (possibly
> caching destination unreachables, the applicability of admin
> prohibiteds).  I wonder if we are in need of some kind of broader
> input on / more discussion of current popular OS behavior.

> On 16 April 2018 at 05:30, Dave Dolson <ddolson@acm.org> wrote:
> > Having just re-read the thread, I disagree with this conclusion.
> >
> > There was a discussion about ICMP security and the conclusion that
treating
> > it as a hint to consult the API (rate limited) renders spoofed ICMP
messages
> > harmless.
> >
> > There was a discussion about whether alerts might be generated before
the
> > portal closes, which I think is feature creep.
> >
> > There was also a discussion about net neutrality (which parts of the
> > internet might be reachable), which seems orthogonal to mechanism.
> >
> > So I would like to know on what basis the chairs find ICMP unsuitable?
> >
> >
> > -Dave
> >
> >
> >
> > On 2018-04-13 6:14 AM, Martin Thomson wrote:
> >>
> >> Thanks to Lorenzo for kicking off the discussion about the desirable
> >> properties of a signal from the network.
> >>
> >> ( Thread starts:
> >>
> >>
https://mailarchive.ietf.org/arch/msg/captive-portals/pYYQqxAzJp8ZVLtfu1QLqJdMiiM/?qid=7c89d24eec00ff0608ee5398c9bb9d33
> >> )
> >>
> >> The chairs have discussed this and would like to confirm the following
> >> conclusions:
> >>
> >> 1. We don't have any current proposal for a signal that the group
> >> deems suitable.  For now, we will remove pieces from the API and
> >> architecture documents that specifically mention ICMP.
> >>
> >> 2. We will add a description of the properties we believe that a
> >> signal should have to the architecture document, but note that no such
> >> signal is defined.  That is, the signal will be sent by the network
> >> when it believes that a UE should check with the API for updated
> >> information.  The UE will treat that signal as a hint and may talk to
> >> the API as a result.  Rate-limiting will likely be needed.
> >>
> >> 3. We will consider a proposal to define a signal in future.  That
> >> would be a stand-alone proposal if it appeared.  To my reading, it is
> >> within our charter to take on work like that, but we would probably
> >> need to have a discussion with our AD at that point because we're
> >> already past our milestones.
> >>
> >>
> >> Does anyone disagree with these conclusions?  I don't think that this
> >> completely rules out the use of ICMP, though Destination Unreachable
> >> might not be an ideal fit as was discussed in London.
> >>
> >> _______________________________________________
> >> Captive-portals mailing list
> >> Captive-portals@ietf.org
> >> https://www.ietf.org/mailman/listinfo/captive-portals
> >
> >
> > _______________________________________________
> > Captive-portals mailing list
> > Captive-portals@ietf.org
> > https://www.ietf.org/mailman/listinfo/captive-portals
> _______________________________________________
> Captive-portals mailing list
> Captive-portals@ietf.org
> https://www.ietf.org/mailman/listinfo/captive-portals

v2.23.0 | Report a Bug | By Email