Re: [Captive-portals] Opsdir last call review of draft-ietf-capport-api-07
Tommy Pauly <tpauly@apple.com> Sat, 09 May 2020 22:38 UTC
Return-Path: <tpauly@apple.com>
X-Original-To: captive-portals@ietfa.amsl.com
Delivered-To: captive-portals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E07183A0BE6; Sat, 9 May 2020 15:38:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YqkBhcrVyVu1; Sat, 9 May 2020 15:38:08 -0700 (PDT)
Received: from ma1-aaemail-dr-lapp01.apple.com (ma1-aaemail-dr-lapp01.apple.com [17.171.2.60]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA0253A0BE0; Sat, 9 May 2020 15:38:07 -0700 (PDT)
Received: from pps.filterd (ma1-aaemail-dr-lapp01.apple.com [127.0.0.1]) by ma1-aaemail-dr-lapp01.apple.com (8.16.0.42/8.16.0.42) with SMTP id 049MYSsC001571; Sat, 9 May 2020 15:38:05 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=content-type : mime-version : subject : from : in-reply-to : date : cc : content-transfer-encoding : message-id : references : to; s=20180706; bh=uznCYEWJUnisqPQTEw37X8L8FJJCRSiZBecmxBw9epY=; b=sym1qurDvv149cbkeoa9vU+27MRKRM76X2V/gJ67NcLFOlUTpEb7Xm8gy3UHevEjE9Ti F/bbeTBBP5S3FUPeNnxReUKFpI31YUc0IcaUvNNim6ymId98ePoiaUepk3dK5eOfWJ5/ OB7CwUJDXWgtHos3ljtOXNNDIySGT9O1nGjV/p+2jNt9rgua0oRpeEAkOsjljIztVGiI Rb+B/brdEgdbNgNx//Dq36pjMGxR11j6KxC+oLPPgQmLrO8Cio47CxJ4HD2Bc8qyywkn AY2kk3HPB8GSraWyl0Vc9SXkomslFU5rzoUhVdYJmYHjdzKGXr54gJ7aV7I1sQhEvI1b 6A==
Received: from rn-mailsvcp-mta-lapp02.rno.apple.com (rn-mailsvcp-mta-lapp02.rno.apple.com [10.225.203.150]) by ma1-aaemail-dr-lapp01.apple.com with ESMTP id 30wu60yw8w-6 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Sat, 09 May 2020 15:38:05 -0700
Received: from rn-mailsvcp-mmp-lapp01.rno.apple.com (rn-mailsvcp-mmp-lapp01.rno.apple.com [17.179.253.14]) by rn-mailsvcp-mta-lapp02.rno.apple.com (Oracle Communications Messaging Server 8.1.0.5.20200312 64bit (built Mar 12 2020)) with ESMTPS id <0QA300X1J5JGVH50@rn-mailsvcp-mta-lapp02.rno.apple.com>; Sat, 09 May 2020 15:38:04 -0700 (PDT)
Received: from process_milters-daemon.rn-mailsvcp-mmp-lapp01.rno.apple.com by rn-mailsvcp-mmp-lapp01.rno.apple.com (Oracle Communications Messaging Server 8.1.0.5.20200312 64bit (built Mar 12 2020)) id <0QA300T00571S000@rn-mailsvcp-mmp-lapp01.rno.apple.com>; Sat, 09 May 2020 15:38:04 -0700 (PDT)
X-Va-A:
X-Va-T-CD: f3e19e1a059ac3349049e746f358beef
X-Va-E-CD: 70de52ba9b1cb86f6d388b1920f5b47a
X-Va-R-CD: 75d6554aef1eec767f19d308a3236b1e
X-Va-CD: 0
X-Va-ID: 3eb25a31-f84b-4274-b478-3c95d73b3189
X-V-A:
X-V-T-CD: f3e19e1a059ac3349049e746f358beef
X-V-E-CD: 70de52ba9b1cb86f6d388b1920f5b47a
X-V-R-CD: 75d6554aef1eec767f19d308a3236b1e
X-V-CD: 0
X-V-ID: b5ff33f3-32af-4413-a501-1f0ccef7958a
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.216, 18.0.676 definitions=2020-05-09_09:2020-05-08, 2020-05-09 signatures=0
Received: from [17.234.99.167] (unknown [17.234.99.167]) by rn-mailsvcp-mmp-lapp01.rno.apple.com (Oracle Communications Messaging Server 8.1.0.5.20200312 64bit (built Mar 12 2020)) with ESMTPSA id <0QA3008L35JF4L00@rn-mailsvcp-mmp-lapp01.rno.apple.com>; Sat, 09 May 2020 15:38:04 -0700 (PDT)
Content-type: text/plain; charset="utf-8"
MIME-version: 1.0 (Mac OS X Mail 13.4 \(3608.80.7.2.3\))
From: Tommy Pauly <tpauly@apple.com>
In-reply-to: <158906200797.26124.16073204264263445484@ietfa.amsl.com>
Date: Sat, 09 May 2020 15:38:03 -0700
Cc: ops-dir@ietf.org, last-call@ietf.org, draft-ietf-capport-api.all@ietf.org, captive-portals@ietf.org
Content-transfer-encoding: quoted-printable
Message-id: <0CA15D43-FF8E-4A16-91E2-BA2760820066@apple.com>
References: <158906200797.26124.16073204264263445484@ietfa.amsl.com>
To: Linda Dunbar <linda.dunbar@futurewei.com>
X-Mailer: Apple Mail (2.3608.80.7.2.3)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.216, 18.0.676 definitions=2020-05-09_09:2020-05-08, 2020-05-09 signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/a280DE7un4kcC_H9zUvYfvEQhRc>
Subject: Re: [Captive-portals] Opsdir last call review of draft-ietf-capport-api-07
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 09 May 2020 22:38:10 -0000
Hi Linda, Thanks for reviewing the document. For background on how the architecture defined by the CAPPORT WG is preferable to the non-standard mechanisms in deployment today, I’d like to point you to one of the documents referenced by the API document, draft-ietf-capport-architecture (https://tools.ietf.org/html/draft-ietf-capport-architecture). There are several benefits, grouping roughly as follows: - Security: Generally, solutions today require interception of DNS and redirecting HTTP responses, and incompatibility with TLS or attempts to man-in-the-middle TLS. - Privacy: Captive networks usually rely on intercepting “user” traffic, which means a device may try to send traffic with user-sensitive names on a network and only later realize it is captive and the results are bogus. - Functionality: Solutions today do not have a way to communicate time remaining to devices or how to extend a session, so association is often cut off abruptly. - Consistency and early detection: There isn’t any standard way for a client device to detect that it is captive today, and there is a large variety in the way networks implement this, leading to inconsistency in user experience and timing. Best, Tommy > On May 9, 2020, at 3:06 PM, Linda Dunbar via Datatracker <noreply@ietf.org> wrote: > > Reviewer: Linda Dunbar > Review result: Has Nits > > I have reviewed this document as part of the Ops area directorate's ongoing > effort to review all IETF documents being processed by the IESG. These > comments were written primarily for the benefit of the Ops area directors. > Document editors and WG chairs should treat these comments just like any other > last call comments. > > This document provides examples of the API structure between client and captive > server. The document is well written. I just have a question: > > What improvement does the proposed API have over today's existing communication > between clients and Captive Server(s)? Captive servers have been deployed > everywhere, like airport or restaurants trying to access free WIFI. What > problems does the existing method have to justify this newly proposed APIs? > > Cheers, > Linda Dunbar > > > _______________________________________________ > Captive-portals mailing list > Captive-portals@ietf.org > https://www.ietf.org/mailman/listinfo/captive-portals
- Re: [Captive-portals] Opsdir last call review of … Tommy Pauly
- [Captive-portals] Opsdir last call review of draf… Linda Dunbar via Datatracker
- Re: [Captive-portals] [Last-Call] Opsdir last cal… Warren Kumari
- Re: [Captive-portals] [Last-Call] Opsdir last cal… Linda Dunbar
- Re: [Captive-portals] [Last-Call] Opsdir last cal… Barry Leiba