IETF Logo Mail Archive

Re: [Captive-portals] Use Case: "Carrier Grade Captive Portal"

Dave Dolson <ddolson@sandvine.com> Tue, 27 June 2017 19:46 UTC

Return-Path: <ddolson@sandvine.com>
X-Original-To: captive-portals@ietfa.amsl.com
Delivered-To: captive-portals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A56C1270A7 for <captive-portals@ietfa.amsl.com>; Tue, 27 Jun 2017 12:46:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZlolSbxeJEtP for <captive-portals@ietfa.amsl.com>; Tue, 27 Jun 2017 12:46:21 -0700 (PDT)
Received: from mail1.sandvine.com (mail1.sandvine.com [64.7.137.165]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4138212EB13 for <captive-portals@ietf.org>; Tue, 27 Jun 2017 12:46:18 -0700 (PDT)
Received: from WTL-EXCHP-1.sandvine.com ([fe80::ac6b:cc1e:f2ff:93aa]) by WTL-EXCHP-3.sandvine.com ([fe80::3c39:d305:d721:f00a%15]) with mapi id 14.03.0319.002; Tue, 27 Jun 2017 15:46:17 -0400
From: Dave Dolson <ddolson@sandvine.com>
To: "Eric Vyncke (evyncke)" <evyncke@cisco.com>, "captive-portals@ietf.org" <captive-portals@ietf.org>
CC: David Bird <dbird@google.com>
Thread-Topic: [Captive-portals] Use Case: "Carrier Grade Captive Portal"
Thread-Index: AQHSxAspm2jwFnBWgkqjQKiot+mYpKHim5WQgAHxpYCAKua1AIAALgAAgAJV74CABl/BAIAI6m4AgAOfPACADjOEMIADVqkAgAMFLHA=
Date: Tue, 27 Jun 2017 19:46:16 +0000
Message-ID: <E8355113905631478EFF04F5AA706E98706252AA@wtl-exchp-1.sandvine.com>
References: <201705031442.50683.heiko.folkerts@bsi.bund.de> <E8355113905631478EFF04F5AA706E98705C6C57@wtl-exchp-1.sandvine.com> <CAHw9_iJARf4MUA8nHqHA54jLvJNq-_Vek67A-rjHpSK6vC7r+Q@mail.gmail.com> <1BB90528-B35F-43F0-AF18-0215DC735FF0@cable.comcast.com> <CABkgnnWT6Xtqyx6pofpNOGa5E1FjJO1gPX1axmmiRaMnzxdoPg@mail.gmail.com> <AD3F2B14-E9AD-4156-96A6-9B83F8545B54@cable.comcast.com> <754719c5-c74c-fbdc-405e-b8c91478c0a5@netcologne.de> <CAAedzxoZkuauME8n3B3aZqE1rra8p2hB9rGJLqoYyVi8usnx+g@mail.gmail.com> <CADo9JyVsfVYTPQjHiEn1JcJ=_NzOOvtWjbuCZdQ-4jsRPpz2wQ@mail.gmail.com> <E8355113905631478EFF04F5AA706E987061FACA@wtl-exchp-1.sandvine.com> <CE7B0AC2-8803-41B5-9B0B-EB1217A5A8EC@cisco.com>
In-Reply-To: <CE7B0AC2-8803-41B5-9B0B-EB1217A5A8EC@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.200.114]
x-c2processedorg: b2f06e69-072f-40ee-90c5-80a34e700794
Content-Type: multipart/alternative; boundary="_000_E8355113905631478EFF04F5AA706E98706252AAwtlexchp1sandvi_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/d4rfrM8oZqxUv9bgMra64CTfV8s>
Subject: Re: [Captive-portals] Use Case: "Carrier Grade Captive Portal"
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Jun 2017 19:46:24 -0000

Eric,
Do I understand correctly from https://tools.ietf.org/html/draft-bruneau-intarea-provisioning-domains-00#section-5.5
that the intention is for the JSON key “captivePortal” to indicate that the specified URL is to be visited by the browser to navigate the requirements for exiting captivity?

If so, would you say this URL should be used in place of performing a capport detection strategy (e.g., canary HTTP request)?



Note: the same “captivePortal” key is also defined in section 5.3 as a Boolean. Should I consider this to be a defect in the draft, or am I missing something?

-Dave



From: Eric Vyncke (evyncke) [mailto:evyncke@cisco.com]
Sent: Sunday, June 25, 2017 8:27 PM
To: Dave Dolson; captive-portals@ietf.org
Cc: David Bird
Subject: Re: [Captive-portals] Use Case: "Carrier Grade Captive Portal"

At least Erik Kline and myself are following the captive-portal list :-)

And the more we think about it, PvD could really be useful and we, the PvD I-D authors, would be pleased to present at your WG

-éric

From: Captive-portals <captive-portals-bounces@ietf.org> on behalf of Dave Dolson <ddolson@sandvine.com>
Date: Friday 23 June 2017 at 11:57
To: "captive-portals@ietf.org" <captive-portals@ietf.org>
Cc: David Bird <dbird@google.com>
Subject: Re: [Captive-portals] Use Case: "Carrier Grade Captive Portal"

[resend with fewer recipients to avoid mailing list problems]

To echo David’s request,
> If the authors of the PvD concept (re-)present their I-D to the mailing list, and stick around for discussion, that would be helpful.


From: David Bird [mailto:dbird@google.com]
Sent: Wednesday, June 14, 2017 9:36 AM
To: Erik Kline
Cc: Gunther Nitzsche; Mark Townsley; Heiko Folkerts; Martin Thomson; captive-portals@ietf.org; Livingood, Jason; Herzig, Willi; Warren Kumari; Dave Dolson
Subject: Re: [Captive-portals] Use Case: "Carrier Grade Captive Portal"

On Sun, Jun 11, 2017 at 11:17 PM, Erik Kline <ek@google.com<mailto:ek@google.com>> wrote:
I'm not sure we have enough input on whether 511 is useful or not.  There seemed to be some suggestion it would help, and some that it wouldn't.  Perhaps one question we could ask is whether it's harmful?  And if we agree it's not harmful, is it worth developing some recommendations for its use?


In of itself, I don't believe it is harmful. However, if vendors use it as a reason to continue to terminate TLS connection in order to deliver the 511, then perhaps it is a bit harmful - or at least misleading. As the world moves to TLS (and QUIC), I think the time for the 511 code has already passed, to some degree. That, combined with the fact you may still have browsers not handling that return code properly, I don't see the value for any vendor or venue to implement this.


As for the ICMP unreachable option, I certainly don't think it would be harmful (with the extra URL bits removed for now).  Is that something we wish to progress?


I will work on a new draft that is only the basics. The additional fields could always be add in their own draft as extensions.


Given that we're probably looking at a portal detection method based on entirely new work, it seems to me we're free to look at new things like utilizing the PVD detection scheme (DNS queries for "provisioning domain names", followed by other interaction still TBD).  Have the portal implementors reviewed this and given consideration as to whether its useful?  (I think of the discovery of the portal and subsequent interaction with it as 2 separate processes conducted, obviously, in serial.)


I believe there are several talking points here, as the PvD method seems to have several possible implementations.

I think requiring Ipv6 to configure Ipv4 is weird (I believe that was one proposed method to convey configuration)

Several points I made in the thread "Arguments against any Capport API" regarding a web service - detached from the NAS - controlling the UE/station I think are relevant.

If the authors of the PvD concept (re-)present their I-D to the mailing list, and stick around for discussion, that would be helpful.


Thoughts?

_______________________________________________
Captive-portals mailing list
Captive-portals@ietf.org<mailto:Captive-portals@ietf.org>
https://www.ietf.org/mailman/listinfo/captive-portals

v2.23.0 | Report a Bug | By Email