Re: [Captive-portals] User equipment identification

David Bird <dbird@google.com> Fri, 03 July 2020 22:14 UTC

Return-Path: <dbird@google.com>
X-Original-To: captive-portals@ietfa.amsl.com
Delivered-To: captive-portals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0B2D3A0977 for <captive-portals@ietfa.amsl.com>; Fri, 3 Jul 2020 15:14:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.599
X-Spam-Level:
X-Spam-Status: No, score=-17.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OoRgBL6L6Lmn for <captive-portals@ietfa.amsl.com>; Fri, 3 Jul 2020 15:14:06 -0700 (PDT)
Received: from mail-io1-xd29.google.com (mail-io1-xd29.google.com [IPv6:2607:f8b0:4864:20::d29]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4AE133A0976 for <captive-portals@ietf.org>; Fri, 3 Jul 2020 15:14:06 -0700 (PDT)
Received: by mail-io1-xd29.google.com with SMTP id i25so33852357iog.0 for <captive-portals@ietf.org>; Fri, 03 Jul 2020 15:14:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=WGf6t3nYecawoBW89HY50VY+EVuFWCztPIKnFG48Zg8=; b=POTXFwNTBx1gdA441G6FkoQt7dQt+OQZK7ig94qYazgaQJQR/SMbL8bVuGlcWOPa02 JVLuQtlPWAkbIifJ4nUGO98YtBTpFzEgnugRg7royiwxkg3Q9ETRxLmwPbtTh5LWH7lE WtZMS/HaIK1xR6yh/L7bAZsD1aGExjYiSB6VlNOHX0pIui3sJrxH/pmB4uzt893BKOTx CFFadTmCgot1Zikc5I6tGrYdblPAONsfmpMDjH9r/GqN1J+d0ibIlfNzTg0j5JGiTnaj 2NGI47Ls0U1dWpalowhsaxC+dGNav/KzJoNkSBbIzRJguImrvgDwUNuc+L1skCRAnYGM 05cw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=WGf6t3nYecawoBW89HY50VY+EVuFWCztPIKnFG48Zg8=; b=ZFB1p4Cv8OxtnEZlouygaM6FpdA3k875ywzrGR55XKOlW/abS2hxNUJrDp/EkR9TE/ FtME0zLIm06W2VUUcnbkzbq3WnaghhcbkXQ6CnEOfBvY0ocY97afroPh8vm0a4xuZSGQ wNIq6BLU2NXwPQSr9ies8cjKnTxsj01AG2V/A1vOkw27CT6xKXCpQqgVaNQ9xpc6GBHP az1KtjL+h3gESqhQ8WoV3JXlAQz4MBMMTvImnwcInWgI3HbbS7iO5wM9/v4o/saVFj7H PGV2Ay5IsCuYtlwiOTcc6pEyEhxI3vlUjmU2l3Tz3g7VBuuQcqBFDyCwriOxtN17lAhT CquQ==
X-Gm-Message-State: AOAM532AaIYsWYiWP1N8Hxd06beoL7JegDKc0BBezkCLV+IIsPR/AN+/ szxu03ndi0fOWB8f93zgrqwrbNYPcq7fZEOBioGmNPcx
X-Google-Smtp-Source: ABdhPJx3YOLiWDu+rhVibPUbYk0uRZYIzzmoyCpEurry6XZR3pAsIJNVuaeQLze4KhXEjOOZgP0oy1zj3KmUTHO6G3Y=
X-Received: by 2002:a05:6602:1225:: with SMTP id z5mr14381692iot.64.1593814444966; Fri, 03 Jul 2020 15:14:04 -0700 (PDT)
MIME-Version: 1.0
References: <3018282E-F85A-49B0-91DF-0BB629165F80@onway.ch>
In-Reply-To: <3018282E-F85A-49B0-91DF-0BB629165F80@onway.ch>
From: David Bird <dbird@google.com>
Date: Fri, 3 Jul 2020 15:13:54 -0700
Message-ID: <CADo9JyUangfyLvbnBUnjQwQbMNsDMKQMhXHSSXaFPuAZM+PgyA@mail.gmail.com>
To: Michael Schneider <michael.schneider@onway.ch>
Cc: "captive-portals@ietf.org" <captive-portals@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000d5308f05a990d741"
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/ck_ulSLJoATqM6CUtyxbrUIulD8>
Subject: Re: [Captive-portals] User equipment identification
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Jul 2020 22:14:08 -0000

I believe how to uniquely identify the user device has been distinctly left
up to the implementers... It will depend on how you implement your DHCP and
ICMPv6 services and where you reside your API server (e.g. within or
outside any NATv4). Assuming you have full control of your DHCP server and
perhaps use RFC 8273 <https://tools.ietf.org/html/rfc8273>, you can assign
each subscriber a unique identifier during IP/prefix assignment. If that is
not an option, then the API server probably has only the connecting IP
address as the unique identifier...

On Fri, Jul 3, 2020 at 1:27 PM Michael Schneider <michael.schneider@onway.ch>
wrote:

> Hi,
>
> I have read the documents about CAPPORT and as a Captive Portal vendor I
> find the current drafts very reasonable and well thought out. But a
> question came up when I was thinking about a dual stack user equipment. How
> does the client behave if it has an IPv4 and an IPv6 address and one of the
> two addresses is captive=false and the other captive=true. Do you see ways
> for the enforcement device to match these two addresses and allow both if
> one of them gets captive=false? Furthermore, a user equipment can hold more
> than one IPv6 address at a time and/or change it frequently.
>
> Many thanks for your advice.
>
> Regards,
> Michael
>
> --
> onway ag
> Michael Schneider
> Head of Development
>
> Stauffacherstrasse 16, CH-8004 Zürich
> Tel: +41 55 214 18 35 <+41%2055%20214%2018%2035>
> michael.schneider@onway.ch
> www.onway.ch
>
> _______________________________________________
> Captive-portals mailing list
> Captive-portals@ietf.org
> https://www.ietf.org/mailman/listinfo/captive-portals
>