IETF Logo Mail Archive

Re: [Captive-portals] Requirements for "captive portal closed" notifications

David Bird <dbird@google.com> Tue, 20 March 2018 17:15 UTC

Return-Path: <dbird@google.com>
X-Original-To: captive-portals@ietfa.amsl.com
Delivered-To: captive-portals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2449D1242EA for <captive-portals@ietfa.amsl.com>; Tue, 20 Mar 2018 10:15:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.01
X-Spam-Level:
X-Spam-Status: No, score=-2.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9OSkE00G9pae for <captive-portals@ietfa.amsl.com>; Tue, 20 Mar 2018 10:15:49 -0700 (PDT)
Received: from mail-it0-x22b.google.com (mail-it0-x22b.google.com [IPv6:2607:f8b0:4001:c0b::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA39512EA64 for <captive-portals@ietf.org>; Tue, 20 Mar 2018 10:15:45 -0700 (PDT)
Received: by mail-it0-x22b.google.com with SMTP id j137-v6so3415976ita.1 for <captive-portals@ietf.org>; Tue, 20 Mar 2018 10:15:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=gkGCmWwZh/CuFlUw/LPR+LZRHsmaixLz3XDt18/7jvs=; b=TAVNTf5qZfeWKClN2VF9by3neeXAOeWKDaw4OrmGtw1PQJDDAC4m6b5YagRZkBT1po zYOIh9AmkakkeThLn3CUsRnJQ8Z+bNiSO9Veg0j+A7en1BOVFGnED3h+mL2DmNbizsbL IZN1NDzZ7JZCxZFgpeRTNvMib1iPmZ4d/RAT7da08ObHT312qonLz0qTg1VeSx1O/Kda gkMY8/jDSRCGvlt/62pCZcBZvN+qbhk/XtlgQEZQXBmfeSwAMTuGdsZU4biGLGKQUP7a oszwsaPrxgJhD/q9/feSF6zm02SfAK3O6+fg5qiuTlInquxfF3WBMjRK5mmU3H1LC2/2 aIew==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=gkGCmWwZh/CuFlUw/LPR+LZRHsmaixLz3XDt18/7jvs=; b=g+nfEd98ud+fXJcnvfklkhyT22BzbniGwmsxN0FYJUo8XY3YvXjv8dGeYfPsrwyO0s j1pqALLlhL4G6yk6UBmYNblhiAxZMxw4HZeXal/lsmUdnLD6pFxAlAeCrMXm2GIjqJmK 4NKdicDr5Pd8+CaW7r6x63u9VTznaV9rNGeDTGUbtJKYz9QJQi+ISED1lroo3nNEC+VW lnroG2Rw1HTAfwT0l2CJiV9+AD5QUPPG3xSBO+ym2rUz7QrGBp7BQhhUobIHr0d1w6Vu ec0xckaAOGlKhCti3urxPkwcwuTn4cyw9EYYS/Usku+Y3rFhzD0pT4R8v7TM1+XeRTV1 1dLw==
X-Gm-Message-State: AElRT7EpbandVEa9uK8IOhe8mbtFwGGqV//ZfEr4EYGNUS36NLmN4bM+ CM7fiLXStfnLiRDwNjy6J8k8QaUq9D1OuFcz8NYKJw==
X-Google-Smtp-Source: AG47ELvqHtP1BykaaUm8O1x2ZYl3ro8+B2o4FxujXJoLBD9mMXIBglhiJG9P1dMSk41+3M9Kth3jsvURy5QlghPGqsI=
X-Received: by 2002:a24:ed48:: with SMTP id r69-v6mr502605ith.14.1521566144845; Tue, 20 Mar 2018 10:15:44 -0700 (PDT)
MIME-Version: 1.0
References: <CAKD1Yr3rP24jQ6sMpoXZ3pU02FmvwDNc9=w2oAh4bMWZmEtQ_A@mail.gmail.com> <337A848A-F36A-45AD-9343-E1A14A5CBE1C@darou.fr>
In-Reply-To: <337A848A-F36A-45AD-9343-E1A14A5CBE1C@darou.fr>
From: David Bird <dbird@google.com>
Date: Tue, 20 Mar 2018 17:15:34 +0000
Message-ID: <CADo9JyX4GNPyWaF30VhTDDmf9VzVdFHLaC3YLsdGhAsSEUUjAQ@mail.gmail.com>
To: Pierre Pfister <pierre.pfister@darou.fr>
Cc: Lorenzo Colitti <lorenzo@google.com>, captive-portals@ietf.org
Content-Type: multipart/alternative; boundary="000000000000917c930567db398b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/feeVYgqpEPpxDOzDCAUqVQ74CT8>
Subject: Re: [Captive-portals] Requirements for "captive portal closed" notifications
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Mar 2018 17:15:52 -0000

On Tue, Mar 20, 2018, 9:56 AM Pierre Pfister <pierre.pfister@darou.fr>
wrote:

> Turning the requirements around I would add that sending ICMP messages
> based on a session being ‘almost done’ might be challenging from a
> router/hardware perspective. Routers might have to rate-limit such
> messages, and sometimes fail to send them.
>


My feeling is just the opposite.. the NAS knows perfectly when it will or
will not hold a session captive. If that NAS is being told what to do (e.g.
it isn't working on it's own counters, but relying on a radius server),
then the radius CoA could just come early with extra parameters (e.g.
'grace period' or even how many and how often to send icmp warnings...)



> So I would add that the ICMP message should only be relied upon as a
> backup mechanism to detect that something is wrong while the API mechanism
> already failed to detect that the session is almost over.
> In other words, I think the detection of a session being almost over is
> first and foremost a problem to be solved by the API mechanism, and as a
> backup (i.e. in case of inconsistency between the API and the Enforcement
> point), with the ICMP mechanism.
>
> - Pierre
>
> Le 20 mars 2018 à 15:29, Lorenzo Colitti <lorenzo@google.com> a écrit :
>
> Per discussion at the mike today on what we should do with the ICMP
> unreachable draft - here are some properties I think are necessary in a
> hint to the UE that the captive portal is closed.
>
> 1. The notification should not be easy to spoof. This is easiest to do by
> making it a hint to the UE that it should talk to the API.
>
>    - An ICMP message by itself is not secure. For example, it's trivial
>    for an off-path attacker to generate ICMP messages for sessions from
>    legitimate UEs to <popularwebsite>:443. Getting a UE to trust such a
>    message only requires getting the ephemeral port right, and many OSes have
>    a quite limited range of ephemeral ports.
>    - Tero points out that if we do want to secure such a message, then we
>    should not roll our own security but should use an existing, secure
>    protocol such as IPsec.
>
>
> 2. It should be possible to send the notification *before* the captive
> portal closes, to facilitate seamless connectivity. Ideally the user should
> be able to re-up the captive portal without having to wait until the
> network is dead or the device has switched to another network.
>
> 3. The notification should not be on a per-destination basis. A hint that
> conveys the information "you can reach facebook, but to reach CNN you need
> to upgrade to another service plan" is not technically infeasible but is
> unlikely ever to reach WG and IETF consensus and therefore I think we
> should not spend our time talking about it.
>
> 4. I'm not sure whether it's possible for the hint to be anything more
> than a binary "you are or will very soon be captive". Saying things like
> "an upgrade opportunity is available" may be hard to encode.
>
> Cheers,
> Lorenzo
> _______________________________________________
> Captive-portals mailing list
> Captive-portals@ietf.org
> https://www.ietf.org/mailman/listinfo/captive-portals
>
>
> _______________________________________________
> Captive-portals mailing list
> Captive-portals@ietf.org
> https://www.ietf.org/mailman/listinfo/captive-portals
>

v2.23.0 | Report a Bug | By Email