IETF Logo Mail Archive

Re: [Captive-portals] Use Case: "Carrier Grade Captive Portal"

David Bird <dbird@google.com> Wed, 14 June 2017 13:36 UTC

Return-Path: <dbird@google.com>
X-Original-To: captive-portals@ietfa.amsl.com
Delivered-To: captive-portals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D9623126B6D for <captive-portals@ietfa.amsl.com>; Wed, 14 Jun 2017 06:36:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qYl325EFmCdj for <captive-portals@ietfa.amsl.com>; Wed, 14 Jun 2017 06:36:02 -0700 (PDT)
Received: from mail-it0-x230.google.com (mail-it0-x230.google.com [IPv6:2607:f8b0:4001:c0b::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 376D312DDD2 for <captive-portals@ietf.org>; Wed, 14 Jun 2017 06:36:02 -0700 (PDT)
Received: by mail-it0-x230.google.com with SMTP id l6so493484iti.1 for <captive-portals@ietf.org>; Wed, 14 Jun 2017 06:36:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=0zeAKp+BGr9wJAS4EB68w3Dj3T/9gIfT5Y9gWJ4EKRY=; b=XwIs5iG6xP0SaAgC/+eRQU6q8lHsdPio8PdzbrGc52iV8jQ/OYbjSU+Sd9DKnV5ZmV R8lDc2AhdgVjr2ofy6t69Tp5a+7/AX8srDJi7ZtcDLGHStHlVBuz30VzXwYJULZ0/5XJ Sx/FTLllYvA/nMJDEvuogJCfy/teR2oBCLmQ8G3D9Mng7vTpm2GRdVzkBM+wK0Odsf5W KPXoWnPtByZYwx01PGP+qEbkMH590jgDTNjMbfecs4EUNg6ZsI75En3ZjGell6S/A0Kc GbkrL9SzhFPlg3rQwTsDOwYSR/YOOjmvYO2UNSjYilrVhC5IT75LVfGn4WCPhoScLz8I +JRg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=0zeAKp+BGr9wJAS4EB68w3Dj3T/9gIfT5Y9gWJ4EKRY=; b=aCwMA1FfHVAZ9Lw8/y/jIrSLF4AKrBNBF8fLXVwf90bxDN/orOOTMNXZdTioreTruG G3IIXoiplYv5uplalynB1xPLZd0oLe0T00fD4WcaGKGb8qU00zI2vtrxWUKl8FMrH2DQ LxSjPEzkxzdPoC9RIt/zpq5/StH5/FeCif6f6ricAdNHnacPLtUBPILXBDZqW8SLxf87 kUtdqWUXIpuoZip2QC2CBCK1CYiuJSoiPgr0ZkYoR8bBIt9IIxegz8E8ZmDa8S8Gwacb zDbFxERzpZ3AB36xMMto87BKNODqblAogwAoa70NWXJQigmUPi3ML1m4bect4+jhe8kz MrGg==
X-Gm-Message-State: AKS2vOxp9SVCZsU9JAHlLBG7ennaoKfykpf+e4Srd3YfC5T0T3sbobim ecWl9kDjkcpvPIJ6Tz8qUfYTAe32hZuZ
X-Received: by 10.36.73.82 with SMTP id z79mr134399ita.20.1497447361345; Wed, 14 Jun 2017 06:36:01 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.79.14.144 with HTTP; Wed, 14 Jun 2017 06:36:00 -0700 (PDT)
In-Reply-To: <CAAedzxoZkuauME8n3B3aZqE1rra8p2hB9rGJLqoYyVi8usnx+g@mail.gmail.com>
References: <201705031442.50683.heiko.folkerts@bsi.bund.de> <E8355113905631478EFF04F5AA706E98705C6C57@wtl-exchp-1.sandvine.com> <CAHw9_iJARf4MUA8nHqHA54jLvJNq-_Vek67A-rjHpSK6vC7r+Q@mail.gmail.com> <1BB90528-B35F-43F0-AF18-0215DC735FF0@cable.comcast.com> <CABkgnnWT6Xtqyx6pofpNOGa5E1FjJO1gPX1axmmiRaMnzxdoPg@mail.gmail.com> <AD3F2B14-E9AD-4156-96A6-9B83F8545B54@cable.comcast.com> <754719c5-c74c-fbdc-405e-b8c91478c0a5@netcologne.de> <CAAedzxoZkuauME8n3B3aZqE1rra8p2hB9rGJLqoYyVi8usnx+g@mail.gmail.com>
From: David Bird <dbird@google.com>
Date: Wed, 14 Jun 2017 06:36:00 -0700
Message-ID: <CADo9JyVsfVYTPQjHiEn1JcJ=_NzOOvtWjbuCZdQ-4jsRPpz2wQ@mail.gmail.com>
To: Erik Kline <ek@google.com>
Cc: Gunther Nitzsche <gnitzsche@netcologne.de>, Mark Townsley <townsley@cisco.com>, Heiko Folkerts <heiko.folkerts@bsi.bund.de>, Martin Thomson <martin.thomson@gmail.com>, "captive-portals@ietf.org" <captive-portals@ietf.org>, "Livingood, Jason" <Jason_Livingood@comcast.com>, "Herzig, Willi" <willi.herzig@bsi.bund.de>, Warren Kumari <warren@kumari.net>, Dave Dolson <ddolson@sandvine.com>
Content-Type: multipart/alternative; boundary="001a11c147a60b79390551eba21a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/bdQRCBYVdIGfX2xZ6Z7jJ72CHL8>
X-Mailman-Approved-At: Wed, 14 Jun 2017 07:32:33 -0700
Subject: Re: [Captive-portals] Use Case: "Carrier Grade Captive Portal"
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Jun 2017 13:36:05 -0000

On Sun, Jun 11, 2017 at 11:17 PM, Erik Kline <ek@google.com> wrote:
>
> I'm not sure we have enough input on whether 511 is useful or not.  There
> seemed to be some suggestion it would help, and some that it wouldn't.
> Perhaps one question we could ask is whether it's harmful?  And if we agree
> it's not harmful, is it worth developing some recommendations for its use?
>
>
In of itself, I don't believe it is harmful. However, if vendors use it as
a reason to continue to terminate TLS connection in order to deliver the
511, then perhaps it is a bit harmful - or at least misleading. As the
world moves to TLS (and QUIC), I think the time for the 511 code has
already passed, to some degree. That, combined with the fact you may still
have browsers not handling that return code properly, I don't see the value
for any vendor or venue to implement this.



> As for the ICMP unreachable option, I certainly don't think it would be
> harmful (with the extra URL bits removed for now).  Is that something we
> wish to progress?
>
>
I will work on a new draft that is only the basics. The additional fields
could always be add in their own draft as extensions.



> Given that we're probably looking at a portal detection method based on
> entirely new work, it seems to me we're free to look at new things like
> utilizing the PVD detection scheme (DNS queries for "provisioning domain
> names", followed by other interaction still TBD).  Have the portal
> implementors reviewed this and given consideration as to whether its
> useful?  (I think of the discovery of the portal and subsequent interaction
> with it as 2 separate processes conducted, obviously, in serial.)
>
>
I believe there are several talking points here, as the PvD method seems to
have several possible implementations.

I think requiring Ipv6 to configure Ipv4 is weird (I believe that was one
proposed method to convey configuration)

Several points I made in the thread "Arguments against any Capport API"
regarding a web service - detached from the NAS - controlling the
UE/station I think are relevant.

If the authors of the PvD concept (re-)present their I-D to the mailing
list, and stick around for discussion, that would be helpful.



> Thoughts?
>
> _______________________________________________
> Captive-portals mailing list
> Captive-portals@ietf.org
> https://www.ietf.org/mailman/listinfo/captive-portals
>
>

v2.23.0 | Report a Bug | By Email