Re: [Captive-portals] Questions about PvD/API

Erik Kline <ek@google.com> Wed, 27 September 2017 06:44 UTC

From: Erik Kline <ek@google.com>
Date: Wed, 27 Sep 2017 15:44:12 +0900
Message-ID: <CAAedzxqSy+xOPFwLQ5mh-HV88sdqvkQe+HgiHjw0HdnNOcftzQ@mail.gmail.com>
To: David Bird <dbird@google.com>
Cc: captive-portals@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/jV2YFoK6TyRkdsyCR_ZHSwE1rtU>
Subject: Re: [Captive-portals] Questions about PvD/API

> 5.1.1.  Associating User Equipment with its URL
>
>    The CAPPORT API Server SHOULD associate an incoming request with a
>    particular User Equipment consistently.  [TODO: specify how this
>    would happen.]
>
> This becomes a pretty important point because it can't be that each DHCP or
> RA is custom formatted for each station with a UE specific URL. It also
> needs to be a MUST if the API is returning information about
> 'bytes_remaining' and such. Or, does the UE self report its MAC to the
> API/PvD? The service needs some way of associating that API/PvD session with
> the RADIUS accounting stream.

<no chair hat>

This is a very critical question, imho.

No captive portal vendor would want to trust clients to self-identify
their MAC addresses.  And even non-malicious clients might be prone to
introducing errors (say, by presenting the random MAC used during
scanning and not [as a result of a bug] the actual MAC used for the
session).

Given that, it seems the network infrastructure itself must be the
element that adds MAC addresses, or some equivalent token, in
communications with the API endpoint.  Yes?
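
An added illustration of the design point in this message (not code from the thread or from any CAPPORT draft): the enforcement point, rather than the client, attaches the link-layer MAC plus an HMAC tag, and the API server keys its lookup on that value only. The header names, shared key, session table and function names are hypothetical.

```python
import hashlib
import hmac

# Constructed value: key shared by the enforcement point and the API server.
INFRA_KEY = b"constructed-demo-key"

# Hypothetical header names; neither is defined by the CAPPORT drafts.
INFRA_MAC_HDR = "X-Infra-UE-MAC"
INFRA_TAG_HDR = "X-Infra-UE-Tag"

# Constructed per-session state, keyed by the MAC the network saw on the link
# (the same key a RADIUS accounting stream would use).
SESSIONS = {"02:00:5e:10:00:01": {"bytes_remaining": 1_000_000}}


def _tag(mac, src_ip):
    """HMAC binding the observed MAC to the request's source IP."""
    return hmac.new(INFRA_KEY, f"{mac}|{src_ip}".encode(), hashlib.sha256).hexdigest()


def enforcement_point_forward(headers, link_mac, src_ip):
    """Runs on the network element in the path to the API server."""
    reserved = (INFRA_MAC_HDR.lower(), INFRA_TAG_HDR.lower())
    # Drop anything the client sent under the infrastructure's header names,
    # then attach the MAC observed on the link and its tag.
    out = {k: v for k, v in headers.items() if k.lower() not in reserved}
    out[INFRA_MAC_HDR] = link_mac
    out[INFRA_TAG_HDR] = _tag(link_mac, src_ip)
    return out


def api_lookup(headers, src_ip, client_claimed_mac=None):
    """Runs on the API server; returns (status, body)."""
    mac = headers.get(INFRA_MAC_HDR, "")
    tag = headers.get(INFRA_TAG_HDR, "")
    if not hmac.compare_digest(tag.encode(), _tag(mac, src_ip).encode()):
        return 403, {"error": "request did not arrive via the enforcement point"}
    # client_claimed_mac is never the lookup key: it may be forged, or be the
    # randomized scanning MAC rather than the MAC used for the session.
    session = SESSIONS.get(mac)
    if session is None:
        return 404, {"error": "no session for this user equipment"}
    return 200, {"bytes_remaining": session["bytes_remaining"],
                 "claimed_mac_matches": client_claimed_mac == mac}
```
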