Re: [Captive-portals] Roman Danyliw's Discuss on draft-ietf-capport-api-07: (with DISCUSS and COMMENT)
Roman Danyliw <rdd@cert.org> Fri, 19 June 2020 12:44 UTC
Return-Path: <rdd@cert.org>
X-Original-To: captive-portals@ietfa.amsl.com
Delivered-To: captive-portals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C2E013A09A0; Fri, 19 Jun 2020 05:44:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ttqnAwvcOJBA; Fri, 19 Jun 2020 05:44:24 -0700 (PDT)
Received: from taper.sei.cmu.edu (taper.sei.cmu.edu [147.72.252.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AAF7F3A099F; Fri, 19 Jun 2020 05:44:23 -0700 (PDT)
Received: from delp.sei.cmu.edu (delp.sei.cmu.edu [10.64.21.31]) by taper.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id 05JCiK2M015380; Fri, 19 Jun 2020 08:44:20 -0400
DKIM-Filter: OpenDKIM Filter v2.11.0 taper.sei.cmu.edu 05JCiK2M015380
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=yc2bmwvrj62m; t=1592570660; bh=iSHGFuvv0VI6pMcMHxQk2bjPo2TLt6twGw6+lLJsalI=; h=From:To:CC:Subject:Date:References:In-Reply-To:From; b=Yn+Dq6AljJQCnEIKOIr6PX1iH/LrTZmumsx3Q7gV5utUq7disNW5drf0ryS1PU9Mb 1P+oWERgdahGgC1j270Q7kcffhp3y6uT5cWYiQfyITLjmUa8eBzvhVR7hxcfZ3SNSL 23PvVOPaS0ZlZibvdkCoZpsMBgtF+9WjgGNarBHM=
Received: from CASCADE.ad.sei.cmu.edu (cascade.ad.sei.cmu.edu [10.64.28.248]) by delp.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id 05JCiGim009863; Fri, 19 Jun 2020 08:44:16 -0400
Received: from MORRIS.ad.sei.cmu.edu (147.72.252.46) by CASCADE.ad.sei.cmu.edu (10.64.28.248) with Microsoft SMTP Server (TLS) id 14.3.487.0; Fri, 19 Jun 2020 08:44:16 -0400
Received: from MORRIS.ad.sei.cmu.edu (147.72.252.46) by MORRIS.ad.sei.cmu.edu (147.72.252.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1979.3; Fri, 19 Jun 2020 08:44:15 -0400
Received: from MORRIS.ad.sei.cmu.edu ([fe80::555b:9498:552e:d1bb]) by MORRIS.ad.sei.cmu.edu ([fe80::555b:9498:552e:d1bb%13]) with mapi id 15.01.1979.003; Fri, 19 Jun 2020 08:44:15 -0400
From: Roman Danyliw <rdd@cert.org>
To: Tommy Pauly <tpauly@apple.com>
CC: The IESG <iesg@ietf.org>, "draft-ietf-capport-api@ietf.org" <draft-ietf-capport-api@ietf.org>, "capport-chairs@ietf.org" <capport-chairs@ietf.org>, "captive-portals@ietf.org" <captive-portals@ietf.org>, Martin Thomson <mt@lowentropy.net>
Thread-Topic: Roman Danyliw's Discuss on draft-ietf-capport-api-07: (with DISCUSS and COMMENT)
Thread-Index: AQHWPtIVM9CBETAvAk6Kae9Xng6iuajSacSAgAFhHnCAC8j/AIAAXM+g
Date: Fri, 19 Jun 2020 12:44:14 +0000
Message-ID: <760f6b997fdd47deb1cc8a71ca22c40b@cert.org>
References: <159175749592.8662.1482979746870215476@ietfa.amsl.com> <EA4FFE1A-31A0-4DCE-BF2D-1D9449EE0C5A@apple.com> <a3dc43f450294acba576f1137b938fdb@cert.org> <85B589DC-4F13-4CF8-8A68-3DDAEBF0ECFA@apple.com>
In-Reply-To: <85B589DC-4F13-4CF8-8A68-3DDAEBF0ECFA@apple.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.64.202.241]
Content-Type: multipart/alternative; boundary="_000_760f6b997fdd47deb1cc8a71ca22c40bcertorg_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/doB412Ii5ImRgZ0TjdcSGT7s5ws>
Subject: Re: [Captive-portals] Roman Danyliw's Discuss on draft-ietf-capport-api-07: (with DISCUSS and COMMENT)
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Jun 2020 12:44:27 -0000
Hi Tommy! Thanks for publishing this update to address my discusses and comments. I’ve cleared my ballot. Regards, Roman From: Tommy Pauly <tpauly@apple.com> Sent: Thursday, June 18, 2020 11:11 PM To: Roman Danyliw <rdd@cert.org> Cc: The IESG <iesg@ietf.org>; draft-ietf-capport-api@ietf.org; capport-chairs@ietf.org; captive-portals@ietf.org; Martin Thomson <mt@lowentropy.net> Subject: Re: Roman Danyliw's Discuss on draft-ietf-capport-api-07: (with DISCUSS and COMMENT) Hi Roman, I’ve published the working copy as the -08 version of the draft: https://datatracker.ietf.org/doc/html/draft-ietf-capport-api Please take a look, and update your evaluation if it looks good! Best, Tommy On Jun 11, 2020, at 12:14 PM, Roman Danyliw <rdd@cert.org<mailto:rdd@cert.org>> wrote: Hi Tommy! The proposed edits in the working copy look good and address all of my discuss and comments. Thanks for making the changes. Regards, Roman From: Tommy Pauly <tpauly@apple.com<mailto:tpauly@apple.com>> Sent: Wednesday, June 10, 2020 2:09 PM To: Roman Danyliw <rdd@cert.org<mailto:rdd@cert.org>> Cc: The IESG <iesg@ietf.org<mailto:iesg@ietf.org>>; draft-ietf-capport-api@ietf.org<mailto:draft-ietf-capport-api@ietf.org>; capport-chairs@ietf.org<mailto:capport-chairs@ietf.org>; captive-portals@ietf.org<mailto:captive-portals@ietf.org>; Martin Thomson <mt@lowentropy.net<mailto:mt@lowentropy.net>> Subject: Re: Roman Danyliw's Discuss on draft-ietf-capport-api-07: (with DISCUSS and COMMENT) Hi Roman, Thanks for your comments! I’ve updated our working copy with this commit: https://github.com/capport-wg/api/commit/ef6f9afe84f2e49827560b5e2e8f292966107896 The full editor’s copy can be viewed here: https://capport-wg.github.io/api/draft-ietf-capport-api.html On Jun 9, 2020, at 7:51 PM, Roman Danyliw via Datatracker <noreply@ietf.org<mailto:noreply@ietf.org>> wrote: Roman Danyliw has entered the following ballot position for draft-ietf-capport-api-07: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-capport-api/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- “Discuss discuss”. Section 4 says “The API server endpoint MUST be accessed using HTTP over TLS (HTTPS) and SHOULD be served on port 443 [RFC2818].” There is also various guidance on verifying the API server identity and access to revocation and time resources. However, the way I read the definition of the “Captive Portal API Server” per Section 2 and per Figure 1 of draft-ietf-capport-architecture, the API server is logically different than the service at the user-portal-url URL (i.e., Web Portal Server in the architecture). Section 7.1 helpfully points out “Information passed between a client and a Captive Portal system may include a user's personal information, such as a full name and credit card details. Therefore, it is important that Captive Portal API Servers do not allow access to the Captive Portal API over unencrypted sessions.” The first sentence is makes sense, but the second, while true, doesn’t follow the first for me. PII and credit card information would be the kind of input you would provide to the _Web Portal Server_ not the Captive Portal API (of course both are part of the overall Captive Portal system). This has been updated to: Information passed between a client and the user-facing web portal may include a user's personal information, such as a full name and credit card details. Therefore, it is important that both the user-facing web portal and the API server that points a client to the web portal are only accessed over encrypted connections. I feel there is missing guidance roughly on the order of the user-portal-url “provides the URL of a web portal _that MUST be accessed over TLS_ with which a user can interact.” (and the venue-info-url SHOULD use TLS too). Good point. This was implicit in some of our text, but needed to be stated: - "user-portal-url" (string): provides the URL of a web portal that MUST be accessed over TLS with which a user can interact. - "venue-info-url" (string): provides the URL of a webpage or site that SHOULD be accessed over TLS on which the operator of the network has information that it wishes to share with the user (e.g., store info, maps, flight status, or entertainment). Both this draft and draft-ietf-capport-rfc7710bis-07 are fundamentally providing pointers to other resources. Would it be out of scope for this document to place restrictions on what the API is capable of pointing to? If not here, then where? ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thanks for describing the protocol interaction within the reference architecture of draft-ietf-capport-architecture. ** Ben points to a few places to tighten up the TLS mechanics (e.g., referencing BCP195, non-OCSP stapling revocation) which I won't repeat here. These are important. Indeed. Please see responses to Ben’s comments. ** Are there any retry behavior to specify for the client? Say the client tries to the visit the API URL and the server returns an HTTP 500 error? Or, the API server doesn’t respond at all? I’ve added this text to clarify: Client behavior for issuing requests for updated JSON content is implementation-specific, and can be based on user interaction or the indications of seconds and bytes remaining in a given session. If at any point the client does not receive valid JSON content from the API server, either due to an error or due to receiving no response, the client SHOULD continue to apply the most recent valid content it had received; or, if no content had been received previously, proceed to interact with the captive network as if the API capabilities were not present. ** Editorial Nits -- Section 4.1. Typo. s/mechnism/mechanisms/ -- Section 6. Typo. s/the the/the/ -- Section 6. Typo. s/extenal/external/ Thanks! Fixed all of these. Best, Tommy
- [Captive-portals] Roman Danyliw's Discuss on draf… Roman Danyliw via Datatracker
- Re: [Captive-portals] Roman Danyliw's Discuss on … Tommy Pauly
- Re: [Captive-portals] Roman Danyliw's Discuss on … Roman Danyliw
- Re: [Captive-portals] Roman Danyliw's Discuss on … Tommy Pauly
- Re: [Captive-portals] Roman Danyliw's Discuss on … Roman Danyliw