Re: [Captive-portals] Éric Vyncke's No Objection on draft-ietf-capport-architecture-08: (with COMMENT)
"Eric Vyncke (evyncke)" <evyncke@cisco.com> Sun, 14 June 2020 15:30 UTC
Return-Path: <evyncke@cisco.com>
X-Original-To: captive-portals@ietfa.amsl.com
Delivered-To: captive-portals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4ED2B3A05DC; Sun, 14 Jun 2020 08:30:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.598
X-Spam-Level:
X-Spam-Status: No, score=-9.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=A4Qo8CHd; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=jjb3K5yB
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uodP5Q9tTn54; Sun, 14 Jun 2020 08:30:51 -0700 (PDT)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 436B73A059F; Sun, 14 Jun 2020 08:30:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=12214; q=dns/txt; s=iport; t=1592148651; x=1593358251; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=SCVBgadnT68NWPHOCGZtOaoaASPsXIWgKyxBWbl/XJE=; b=A4Qo8CHdcjGUvOvY9E5vU67/Mv28dVaxEmdUMChk2B1CDXBasOZMZSHp uoda4qDT7CE7OKmOWAzGA7nomPOBDrBhSB1yV8+FF0rB370fZwD3txBXV CUshiKLAM0cTXttbNY+CtJFhU0A+MCCByRtXfH0FZKpncyV6rRMc3cN0F w=;
IronPort-PHdr: 9a23:Wf7GNBEYWL6/CEhlAOlfLZ1GYnJ96bzpIg4Y7IYmgLtSc6Oluo7vJ1Hb+e401gebVIra7/NPlvGQuKflCiQM4peE5XYFdpEEFxoIkt4fkAFoBsmZQVb6I/jnY21ffoxCWVZp8mv9PR1TH8DzNFTdo3mz5iMJXB74MFk9KuH8AIWHicOx2qi78IHSZAMdgj27bPtyIRy6oB+XuNMRhN5pK706zV3CpX4bdg==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CZBQAuQuZe/4kNJK1cAQkcAQEBAQEBBwEBEgEBBAQBAUCBSoFSUQeBRy8shCSDRgONPZhSgUKBEANVCwEBAQwBAS0CBAEBhEQCF4IVAiQ4EwIDAQELAQEFAQEBAgEGBG2FWwyFcgEBAQEDEhERDAEBKg0BCwQCAQgRAQIBAgECAiYCAgIwFQIDAwgCBA4FGweDBIJMAy4BqCwCgTmIYXaBMoMBAQEFhTcYgg4JgQ4qgmSCS4cbGoFBP4ERJxyBT34+g38RARQYgxQzgi2LBYNrDhWCVDyJPogakEYKglmTT2mEYwMdgnCJGoUajUOED6cahBsCBAIEBQIOAQEFgWoigVZwFWUBgj5QFwINjh4MFxSDOopWdDcCBgEHAQEDCQF7j2RgAQE
X-IronPort-AV: E=Sophos;i="5.73,511,1583193600"; d="scan'208";a="496071950"
Received: from alln-core-4.cisco.com ([173.36.13.137]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 14 Jun 2020 15:30:47 +0000
Received: from XCH-ALN-003.cisco.com (xch-aln-003.cisco.com [173.36.7.13]) by alln-core-4.cisco.com (8.15.2/8.15.2) with ESMTPS id 05EFUlS1013751 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Sun, 14 Jun 2020 15:30:47 GMT
Received: from xhs-rtp-001.cisco.com (64.101.210.228) by XCH-ALN-003.cisco.com (173.36.7.13) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Sun, 14 Jun 2020 10:30:47 -0500
Received: from xhs-rcd-001.cisco.com (173.37.227.246) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Sun, 14 Jun 2020 11:30:47 -0400
Received: from NAM11-CO1-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Sun, 14 Jun 2020 10:30:46 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Va1rgCdc25NxkpG+mh4edor3cOi4DLlpPiBramnXaCEmJBltD/PrTUwo1aMvizkCVI1l2i0/eIFkiTvxLN3Yhr3XvqOozJ2w28dAOc7zCn5/FTdux7nEIopi5JOktvixyykzTeyI5YeiN9JGNipHobpRcyDEIA3zyg4TTO/DKOJ49galnV+U/B7KhGDkrYpqDcbl1a1TA7u30WWTryg4MVx1W/WOl64z2Iwuo0QGskSKdbi4kiV/ET0nIE8m0RqG5MEte+rH2bagrn5Vc66sWEJDru/CiaVTpMW519Avqwt9c5Iy2yM1/Lk0M6QQNb+hRtKMR/LgtB/VzCWclFcDiw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=SCVBgadnT68NWPHOCGZtOaoaASPsXIWgKyxBWbl/XJE=; b=oRVqTn+fiUuu/wWc9T57HRbr7tWuYVKgdJ2FLwtaDuCrTJZNJstFL5ybjyUV29pNWwmF5DqMZoJ15cuM+2107J9ubjQsEOUYbniJ5Zrwl4272QEjwKlgKgHdxNY5J4JUKNOx3rqpehLTb8lzkoEv+pSlxwxiX9rxvrChdjpp0T50bJ7DVvHbfn/4UXMHgypYKE5SN9FK/f2YZiPFzV5f8c42rPdPM++3TuYZipMukt+qz/hzbUcVT9k9/nbynlo+05oK85Kdv5faH1weQKyOs/ILad6P6791sClwcEQGzd6Z60Q5VRnZ4tnvkhIypTAlv0RjVwB8vhmZ8rB/wl8mFw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=SCVBgadnT68NWPHOCGZtOaoaASPsXIWgKyxBWbl/XJE=; b=jjb3K5yBQB0KF3ACOxSkYk3MOxrbfWW84tdFfZ7PlhPsodjyMEdU29xncBzx97H0O9R6zy58w45aKKbwhBoWMmn+pYJ99Iw+vJyDbbO3FZE7RbCn89V+SWfNtF1SXCFKsD4M6FwL1Ta9dwMBaZEKueoNhQ9KvcZbnOxpOfaUZGM=
Received: from DM5PR11MB1753.namprd11.prod.outlook.com (2603:10b6:3:10d::13) by DM6PR11MB4298.namprd11.prod.outlook.com (2603:10b6:5:204::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3088.18; Sun, 14 Jun 2020 15:30:43 +0000
Received: from DM5PR11MB1753.namprd11.prod.outlook.com ([fe80::a14c:59b6:47b0:f630]) by DM5PR11MB1753.namprd11.prod.outlook.com ([fe80::a14c:59b6:47b0:f630%7]) with mapi id 15.20.3088.028; Sun, 14 Jun 2020 15:30:43 +0000
From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Kyle Larose <kyle@agilicus.com>
CC: The IESG <iesg@ietf.org>, "draft-ietf-capport-architecture@ietf.org" <draft-ietf-capport-architecture@ietf.org>, "capport-chairs@ietf.org" <capport-chairs@ietf.org>, captive-portals <captive-portals@ietf.org>, Martin Thomson <mt@lowentropy.net>
Thread-Topic: Éric Vyncke's No Objection on draft-ietf-capport-architecture-08: (with COMMENT)
Thread-Index: AQHWPlud5bKfG7+TK0CBXB3Ry3RUfKjQ7+6AgAdOP4CAACgqAA==
Date: Sun, 14 Jun 2020 15:30:43 +0000
Message-ID: <3E1A71D0-F0BC-411D-9A0A-062054DB5EDB@cisco.com>
References: <159162520700.29504.9009111229374325326@ietfa.amsl.com> <CACuvLgywX+6jejmcP6mvOQkcraGXpugv_DUjVev__ON3KaqFDw@mail.gmail.com> <DBD270C7-9B34-4CAF-A73B-13B135F38893@cisco.com> <CACuvLgzUfKxbOn51k7uipW1osTDHBrZWbtGZn29PUS2w0b41pg@mail.gmail.com>
In-Reply-To: <CACuvLgzUfKxbOn51k7uipW1osTDHBrZWbtGZn29PUS2w0b41pg@mail.gmail.com>
Accept-Language: fr-BE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.37.20051002
authentication-results: agilicus.com; dkim=none (message not signed) header.d=none;agilicus.com; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [2001:420:c0c1:36:3cf7:5b91:1f6b:1bdc]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: dd23518f-bcb5-4528-6c1c-08d81077e72c
x-ms-traffictypediagnostic: DM6PR11MB4298:
x-microsoft-antispam-prvs: <DM6PR11MB4298448BEF1C2C53E4801D90A99F0@DM6PR11MB4298.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 04347F8039
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: DvfQFs7BcctO/siAZqoz/RtbHKaDOYjgB4LNQHgwJLoQX7qVbkYgMSP3BxpqquyGbTz9tNFBXst8FnGkAQWEDRh3z7bVmrq2XuQODrqaKHDRPGh2mC9wLa1mAecSMmNqqpAxwIiwhOWnk1mbZLaC95sb+Zre7ZTczwVxiJ0Nd436OOzObrxvcHSpw9bcZstFlEmS1yH3ddymO0LAxZaRB9SQh18lLlhCYykyUQ3ITPqJ/9vBroufxYJ84G4r0bzoOzmJMfH+APQATIibmIz72A7xIX9KYmqxjOIKsT7Onaq/zPUdtpQ0uJfjVqH7kAk5poZx2kUrzF+v0OloobGS2Q==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM5PR11MB1753.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(136003)(396003)(366004)(39860400002)(376002)(346002)(2616005)(66946007)(36756003)(33656002)(91956017)(66476007)(76116006)(66556008)(224303003)(71200400001)(66446008)(64756008)(86362001)(478600001)(53546011)(6916009)(66574014)(186003)(8936002)(5660300002)(6486002)(54906003)(83380400001)(4326008)(2906002)(6512007)(316002)(6506007); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: RSyY67F7VY6wJPCjqYknQ6G95Jjw28msnGjjGqHqi+DxNlk8hg/oYy90G3lUmWirfSRDTiJ+7i3w9ugaRXh5GHZZCTvYr+PlCVIdwGIuk/o5ktQzdRqCcbd8zII5IvJVhcR/zQku+IVcDCW/7LvYfxYUFCPh3ErZOPRWwH37oTUdDOYhNkdVIRU+A3K/gGoawHERL8q5RIJgRK/orFYtzxDCuL9y6ttHjZLkcGmI7o5SLdSo7gE7fBHPaQcWt8yTYQlAwHrSoPr6TLP2k5b3AC8D86ZHMsGdl+oHfi+tI3P2Q0aP8FI+/ZC99nFH13KU0gaHHCahc/J7YOT1a0FiAyjyCn5Ldw6mN9GPvXm+1g3neg+O1Ja4zzhLC4ZR28IMF/FLNE+8QSXrb0bVEzddA96MEC/P2vMojd3ACsl0mZx3+vKhbhBtIen/HnNvETSgo5AbOlpR1q/S4whhb6p5cqgQp331wtwfrteibV1dqNt10ngJcca/P9byidO1viyBNxAM3x5rE3iO8GdN7G3rre8+YIpO5n7Vyuj9ktqDSZw=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <182417E2B6BB2341AFDE1E5135CBEEC0@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: dd23518f-bcb5-4528-6c1c-08d81077e72c
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Jun 2020 15:30:43.7226 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Kzmkc/4nw0o/5g/cPvsKQmk29FtJ1DhRfCITrTZvrLNgGn83qZgJ6W5FWwxEFWOOrGKjbwrYhGeUPihJr6bxXA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB4298
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.13, xch-aln-003.cisco.com
X-Outbound-Node: alln-core-4.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/i5-N6gNjj5mm5cfI-Epcp5IbbcI>
Subject: Re: [Captive-portals] Éric Vyncke's No Objection on draft-ietf-capport-architecture-08: (with COMMENT)
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 14 Jun 2020 15:30:53 -0000
Thank you Kyle, I appreciate your answer and your comments. Good to go ;-) -éric -----Original Message----- From: Kyle Larose <kyle@agilicus.com> Date: Sunday, 14 June 2020 at 17:07 To: Eric Vyncke <evyncke@cisco.com> Cc: The IESG <iesg@ietf.org>, "draft-ietf-capport-architecture@ietf.org" <draft-ietf-capport-architecture@ietf.org>, "capport-chairs@ietf.org" <capport-chairs@ietf.org>, captive-portals <captive-portals@ietf.org>, Martin Thomson <mt@lowentropy.net> Subject: Re: Éric Vyncke's No Objection on draft-ietf-capport-architecture-08: (with COMMENT) Thanks again, Eric. Resposnes inline. I'll take the same approach as you did, with KL> On Tue, 9 Jun 2020 at 17:33, Eric Vyncke (evyncke) <evyncke@cisco.com> wrote: > > Hello Kyle > > Thank you for the prompt reply, look for EV> for any remaining non-blocking comments of mine > > -eric > > -----Original Message----- > From: Kyle Larose <kyle@agilicus.com> > Date: Tuesday, 9 June 2020 at 14:43 > To: Eric Vyncke <evyncke@cisco.com> > Cc: The IESG <iesg@ietf.org>, "draft-ietf-capport-architecture@ietf.org" <draft-ietf-capport-architecture@ietf.org>, "capport-chairs@ietf.org" <capport-chairs@ietf.org>, captive-portals <captive-portals@ietf.org>, Martin Thomson <mt@lowentropy.net> > Subject: Re: Éric Vyncke's No Objection on draft-ietf-capport-architecture-08: (with COMMENT) > > Hi Éric, > > Thanks for the review! > > Responses inline. > > On Mon, 8 Jun 2020 at 10:07, Éric Vyncke via Datatracker > <noreply@ietf.org> wrote: > > > > Éric Vyncke has entered the following ballot position for > > draft-ietf-capport-architecture-08: No Objection > > > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > Thank you for the work put into this document. The document is easy to read. I > > also appreciate the fact that "devices without user interfaces" are not ignored > > by this document. > > > > Please find below a couple on non-blocking COMMENTs. A response/comment for > > those COMMENT will be read with interest. > > > > I hope that this helps to improve the document, > > > > Regards, > > > > -éric > > > > == COMMENTS == > > > > Is there a reason why the words "captive portal" do not appear in the abstract? > > This would assist normal human beings (outside of the WG) to find the document. > > > > Good point! We'll fix that up. > > > I found no text about what happens to the traffic inside the captive network. > > Is it allowed even when still in captive mode ? > > This would be up to the network operator, I suppose -- they define the > extent of the walled garden. The only hosts that must be reachable are > any necessary to perform the workflows related to gaining access. The > document mentions those in a few places. In section 2.4, the document > states: > > Typically User Equipment is permitted access to a small number of > services and is > denied general network access until it satisfies the Captive Portal > Conditions. > > Perhaps we could add some language indicating that this isn't intended > to be a normative requirement -- the restrictions placed by the > captive portal depend on its use-case. > > EV> you may add "(.g., local communication)" after "small number of services" ? KL> Thanks for the suggestion! We'll clarify along those lines. > > > > -- Section 1.2 -- > > Even if the document support "devices without user interfaces", I wonder why > > the I-D uses "User Equipment" rather than "Client Equipment" (which is also > > more aligned with "Server"). Nothing dramatic, just curious about the reason. > > > > This is the language that evolved during our discussions. I can't > recall any particular reason we chose this. > > Does anyone with a better memory than me remember why we chose User > Equipment over Client Equipment? > > EV> nothing critical and possibly impacting too many other documents to be changed now > > > -- Section 2.1 -- > > "At this time we consider only devices with web browsers" while the previous > > text was about "devices without user interfaces". Finally, is this document for > > devices with or without human interface ? > > When we first set out to tackle the architecture, we were hoping to > solve the problem for devices without user interfaces. However, the > working group aligned on solving it for the simpler use-case of > devices with user interfaces. > > To ensure we're talking about the same thing, the earlier text you're > referring to is this, correct? > > EV> correct > > -- Section 1 -- > > A side-benefit of the architecture described in this document is that > devices without user interfaces are able to identify parameters of > captivity. However, this document does not yet describe a mechanism > for such devices to escape captivity. > > Our intent was to point out that solutions for devices without user > interfaces could be developed using the mechanisms provided by the > architecture, but that those solutions were out of scope for the > document. > > Which text do you think conflicts with that? Perhaps we should > rephrase it to be less confusing. > > EV> I would suggest that at the first mention of " devices without user interfaces", the text mention "for future version" or something in the same line. The focus on user-interface devices is written a little too deep in the document, should come earlier in the text to avoid confusion. KL> Thanks again for the suggestion. In section 1, where we first mention these devices, I'll add text along the following lines: "A future document could provide a solution for devices without user interfaces. This document focuses on devices with user interfaces." > > > > > -- Section 2.6 -- > > While the components are described as being optional collocated, what about > > resiliency ? I.e., having two different instances on one component. > > > > That's a good point (and one I was thinking about the other day!) We > should add some text pointing that out. Let's mention scale for good > measure as well. > > > -- Section 3.4.2 --- > > While I appreciate that the section contains text about multiple IPv6 > > addresses, I suggest to mention the dual-stack use case explicitly. > > > > I.e. something like > > "Further attention should be paid to a device using dual-stack > [rfc4213]: it could have both an IPv4 and an IPv6 address at the same > time. There could be no properties in common between the two > addresses, meaning that some form of mapping solution could be > required to form a single identity from the two address" > > EV> perfect ;-) > > > -- Section 3.4 -- > > I was expecting to see the MAC address also used as identifier. Is there any > > reason why it is not mentioned? If so, may I suggest to document the absence of > > a MAC address section in the examples? > > > > This was also raised during an earlier last call. The primary reason > to leave it out was brevity, but there were some concerns about its > security as well. Perhaps we can leave a simple note along the lines > of the following since it is likely others will ask the same question: > > "The MAC address of a device is often used as an identity in existing > implementations. A discussion of it has been omitted for brevity, but > the MAC address could be used subject to the criteria in section 3.2" > > EV> could be good. And, I am not sure whether it is more difficult to spoof an IP address vs. a MAC address. But, the added text is enough for me > > -éric > > > > > > > Thanks! > > Kyle >
- [Captive-portals] Éric Vyncke's No Objection on d… Éric Vyncke via Datatracker
- Re: [Captive-portals] Éric Vyncke's No Objection … Kyle Larose
- Re: [Captive-portals] Éric Vyncke's No Objection … Eric Vyncke (evyncke)
- Re: [Captive-portals] Éric Vyncke's No Objection … Kyle Larose
- Re: [Captive-portals] Éric Vyncke's No Objection … Eric Vyncke (evyncke)
- Re: [Captive-portals] Éric Vyncke's No Objection … David Dolson
- Re: [Captive-portals] Éric Vyncke's No Objection … Eric Vyncke (evyncke)