Re: [Captive-portals] Use Case: "Carrier Grade Captive Portal"

David Bird <dbird@google.com> Thu, 18 May 2017 13:10 UTC

From: David Bird <dbird@google.com>
Date: Thu, 18 May 2017 06:04:00 -0700
Message-ID: <CADo9JyWj=cAa7GK=qwTDw6U-+=jrt24Du0HW5WnipS+57TQDZA@mail.gmail.com>
To: Gunther Nitzsche <gnitzsche@netcologne.de>
Cc: Heiko Folkerts <heiko.folkerts@bsi.bund.de>, "Herzig, Willi" <willi.herzig@bsi.bund.de>, captive-portals@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/f5Gzqms68B_5SIa9pIr8QKuXLcQ>
Subject: Re: [Captive-portals] Use Case: "Carrier Grade Captive Portal"

>
> while I support the opinion to stop breaking/redirecting https and do
> proper signaling with icmp instead,
> I do not see working setups in real world scenarios without sending a
> http-status code leading
> to specific browser's behaviour (outside of the mobile world). Otherwise
> the customer is left alone with a
> browser showing an error page.
>
> (If there would be a possibility to trigger a webpage with a
> capportdetection - icmp unreachable message,
> that would be great.. any hints welcome. Very well possible that I just
> overlooked something..)
>
In my opinion, there already exists an HTTP status code that leads to
specific browser behavior (redirecting to captive portal). The problem is
that even with HTTP (over TLS), this falls apart (without doing 443
hijacking). We could perhaps define something for HTTPS, but are we then
going to make every protocol "captive portal" compliant? Hence the reason
to use ICMP - it will work with any protocol.