IETF Logo Mail Archive

Re: [Captive-portals] Questions about PvD/API

David Bird <dbird@google.com> Thu, 24 August 2017 15:21 UTC

Return-Path: <dbird@google.com>
X-Original-To: captive-portals@ietfa.amsl.com
Delivered-To: captive-portals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E2C5E13237B for <captive-portals@ietfa.amsl.com>; Thu, 24 Aug 2017 08:21:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YvvnAsrjHl5P for <captive-portals@ietfa.amsl.com>; Thu, 24 Aug 2017 08:21:53 -0700 (PDT)
Received: from mail-qk0-x22e.google.com (mail-qk0-x22e.google.com [IPv6:2607:f8b0:400d:c09::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 74D67132BCE for <captive-portals@ietf.org>; Thu, 24 Aug 2017 08:21:53 -0700 (PDT)
Received: by mail-qk0-x22e.google.com with SMTP id x125so4801553qkc.3 for <captive-portals@ietf.org>; Thu, 24 Aug 2017 08:21:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=VsHMfrTemcpSWZrJsGyXAD/wmhg9j8oNg+dinkYwXeI=; b=GC3xbP2LzB6uxpxtkPbby2C6extYhRSLf2P3AKZihme92AjOkDPWjwyOOvWCjfZDN3 Jv2wd3nEx/iaC5mquAKpKMG6tSuLRtT6wvdtrx023bxax3yLXYjOaIQ1VQAd0DyeGBNf IOue6DTmCnWURlqjl3AL5n2QPFk6GQgexZJQFEJKROxy6HCEhcyNz3uBpVnyFjGrUERr 0nXKeHSMXntDVdE+mMDDPrK21NB7T9VD5FAtye0+1erJbmCHVdDkTQcFu0okSp9kFZ0a /kUDUoyk3HdOwp//lZ4XXlEL1qAlOw5n1IFtgpwT+ohqPJKtO2+71eOls9WRMOobTCHi YIPQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=VsHMfrTemcpSWZrJsGyXAD/wmhg9j8oNg+dinkYwXeI=; b=AZWiI1Khdz99GWxWDijDQiPQSPZCtfjDkPI9jQnB2XhRznSllEX3oivhc2b7S3WJsw u1yDcJkL+xjchIzD4LMhGAtavwV0t9+A9zDxw46WEDA0XQQ7F2Y2zrjbUQsBqx7LXkz9 I1zvqYkL9Gado+xjWtBhbp7yYjSP4rTbEkM2rNPVAv1y+GjXXtP0AYqR3Cn2NDgKft0W 5UtdnMOnepHXvySQdpc2iGS6mNnXU85elECvaSQ6ChruX7xeV/nFixdP+8FPcbzUuPYN /9rVg5iFRrooBUMwo7AixVHDqEF0UQm9AaElEjDnCYpPJ4tQSis0oVLdfP5kFlUnBpYs DscQ==
X-Gm-Message-State: AHYfb5izsaVIuBebOsHEbNXiJKNRJji3jelG+HGMCy1n8rV6F2ZIZ068 biIY8V9YJql/96i2y+52+YglLypBMEvx
X-Google-Smtp-Source: ADKCNb7L9je2ilRGugHzb0FTkJ+tk9zuiWfKTGCkWYFApjq3Zvgpd9BqSDkJc22FLSzBAHiEItHM1c+imRm6Omh+yBc=
X-Received: by 10.55.95.194 with SMTP id t185mr8564036qkb.61.1503588112341; Thu, 24 Aug 2017 08:21:52 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.12.132.102 with HTTP; Thu, 24 Aug 2017 08:21:51 -0700 (PDT)
In-Reply-To: <98352984-4E92-42EC-97FE-B652C0FC41AF@apple.com>
References: <CADo9JyU+XGYFWdNeXOBw1O43Pjyn0jZhGxDTb7VbLF+Jg4Xj4w@mail.gmail.com> <CAAedzxq4UhueFW=U-Tuc1gvG8Tapc7VE7BM2Akt9OXuzN3jLyQ@mail.gmail.com> <CADo9JyW0J7xzaosG5PJOFPHMy2g6vZ1cVpW6_YsuOdaKWqumkQ@mail.gmail.com> <A5B74413-32D8-4FE4-BDF7-DAA95266AAF4@apple.com> <CADo9JyUJTPRT9454VdZEM1nwFfxPSrMX3+Uk9i325uboQUya7g@mail.gmail.com> <7B520EA6-7B55-46B1-B084-F1CADF7DE28B@apple.com> <CADo9JyVSW5==nQOUMUUYWj743LmZCUjE9=W-YXnK-KMS-88AoQ@mail.gmail.com> <CABkgnnV1OT_29fdNbCDDJMgeRDNeOM8u2PYA94opo+ujj2=Avw@mail.gmail.com> <CADo9JyUdBZbBmwE0B21ryFuefQEaTiWLHD-w8AZSyWACH9u2dg@mail.gmail.com> <CABkgnnWbhHOmZRsvpEb0XusRtUJUPp7vpdM7V_4nLnC_B-mfKQ@mail.gmail.com> <CADo9JyUP_FWznzDWDO1s9-8B8-hMAUkFAMaa68uUZ1xR8CKHyw@mail.gmail.com> <CAKD1Yr0OrthUda3+ic3g83vWEpBATpcF4Z=4ENNg+ZuyySDMdg@mail.gmail.com> <CADo9JyW=wYh5y87KZrfs56fFze_VkdvUt-hF_SNeokPONxDuGA@mail.gmail.com> <CAKD1Yr2GpTX9NPTNJVbGjF+PxuNNyhgaRNjr0qMW90rVHeM_+g@mail.gmail.com> <98352984-4E92-42EC-97FE-B652C0FC41AF@apple.com>
From: David Bird <dbird@google.com>
Date: Thu, 24 Aug 2017 08:21:51 -0700
Message-ID: <CADo9JyVzW3TxFCHv=1N=Qsm2Th7gw7Yby8mdG2hOVWQQ_9YGpw@mail.gmail.com>
To: Tommy Pauly <tpauly@apple.com>
Cc: Lorenzo Colitti <lorenzo@google.com>, Erik Kline <ek@google.com>, "Eric Vyncke (evyncke)" <evyncke@cisco.com>, captive-portals@ietf.org, Martin Thomson <martin.thomson@gmail.com>
Content-Type: multipart/alternative; boundary="001a114dc83c53b552055781639d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/YVzlsB2PA8pbYk1RdcNfzjFVBgo>
Subject: Re: [Captive-portals] Questions about PvD/API
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Aug 2017 15:21:56 -0000

You are both describing decisions the UE makes... perhaps the UE waits for
several flows (with same session-id) to indicate capport warning/errors
before acting on it... especially when already connected. There were also
proposals to link the ICMP messages to the DHCP message somehow so that
ICMP is 'authenticated' against the original DHCP. Theses are solvable
concerns, not road blocks.



On Thu, Aug 24, 2017 at 8:14 AM, Tommy Pauly <tpauly@apple.com> wrote:

> Right, I think the difference between an unreachable destination, and a
> captive portal or walled garden, is that we expect the captive portal style
> interaction to be an Operating System-level action, and one that will have
> consequences on everything the device does while associated to a given
> network. You can certain use spoofed ICMP to disrupt connections, but (a)
> the user would notice and (b) you're not causing the Operating System to
> change behavior. When the OS thinks it is on a captive network or not, it
> will change what network it considers primary/usable, which may potentially
> be invisible to the user other than an icon change. I would be able to go
> onto a captive network, start sending out ICMP messages, and potentially
> bump other people's connection off the network.
>
> Having the UE fetch some resource in order to determine captive state,
> especially if that resource can be somehow signed, makes it much harder for
> an attacker to cause the OS to take silent behavior.
>
> Tommy
>
> On Aug 24, 2017, at 7:40 AM, Lorenzo Colitti <lorenzo@google.com> wrote:
>
> A forged destination unreachable can't cause someone else's device to
> think that wifi is a portal and switch to possibly expensive cellular data.
>
> On Thu, Aug 24, 2017 at 11:29 PM, David Bird <dbird@google.com> wrote:
>
>> Just like the rampant problem we see in ICMP Dest-Unreachable forgery
>> attacks?
>>
>> On Thu, Aug 24, 2017 at 7:01 AM, Lorenzo Colitti <lorenzo@google.com>
>> wrote:
>>
>>> On Thu, Aug 24, 2017 at 10:40 PM, David Bird <dbird@google.com> wrote:
>>>
>>>> Can you give an example of how ICMP could be misconfigured?
>>>>
>>>
>>> It doesn't matter how hard it is to misconfigure, because it is trivial
>>> to forge.
>>>
>>
>>
> _______________________________________________
> Captive-portals mailing list
> Captive-portals@ietf.org
> https://www.ietf.org/mailman/listinfo/captive-portals
>
>
>

v2.23.0 | Report a Bug | By Email