Re: [Captive-portals] The architecture requiring that the API be secure
Michael Richardson <mcr@sandelman.ca> Wed, 28 February 2018 22:26 UTC
Return-Path: <mcr@sandelman.ca>
X-Original-To: captive-portals@ietfa.amsl.com
Delivered-To: captive-portals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93BF6126D73 for <captive-portals@ietfa.amsl.com>; Wed, 28 Feb 2018 14:26:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level:
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7LRznLgS98A9 for <captive-portals@ietfa.amsl.com>; Wed, 28 Feb 2018 14:26:07 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 792EB126CF9 for <captive-portals@ietf.org>; Wed, 28 Feb 2018 14:26:07 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 18FD720091; Wed, 28 Feb 2018 17:33:54 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 4D1EA80BE3; Wed, 28 Feb 2018 17:26:06 -0500 (EST)
From: Michael Richardson <mcr@sandelman.ca>
To: Kyle Larose <klarose@sandvine.com>
cc: "captive-portals@ietf.org" <captive-portals@ietf.org>
In-Reply-To: <9ba69a5cfa1342769eb703727b2402fb@sandvine.com>
References: <9ba69a5cfa1342769eb703727b2402fb@sandvine.com>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <16653.1519856766.1@obiwan.sandelman.ca>
Date: Wed, 28 Feb 2018 17:26:06 -0500
Message-ID: <16654.1519856766@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/W-EYJ42xUgY_8GjiJv4Q944n7vg>
Subject: Re: [Captive-portals] The architecture requiring that the API be secure
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Feb 2018 22:26:10 -0000
Kyle Larose <klarose@sandvine.com> wrote: > Issue #6 in the architecture draft > (https://github.com/capport-wg/architecture/issues/6) was raised to > point out that we should really mandate that the API be secure. I entered some comments on the github issue. > Basically, we want to make TLS a requirement, not a suggestion, so I've > changed the wording around TLS to reflect this. I also added a section > to the security section discussing the motivation behind the > requirement. I think that we have to deal with Martin's points about all the ways that the certificate behind HTTPS can be broken. I don't want to see overrides for that certificate. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | network architect [ ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
- [Captive-portals] The architecture requiring that… Kyle Larose
- Re: [Captive-portals] The architecture requiring … Michael Richardson