IETF Logo Mail Archive

Re: [Captive-portals] thoughts on two documents

Dave Dolson <ddolson@sandvine.com> Sun, 23 April 2017 16:09 UTC

Return-Path: <ddolson@sandvine.com>
X-Original-To: captive-portals@ietfa.amsl.com
Delivered-To: captive-portals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 79CE4120227 for <captive-portals@ietfa.amsl.com>; Sun, 23 Apr 2017 09:09:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XoVTSIu3I_AS for <captive-portals@ietfa.amsl.com>; Sun, 23 Apr 2017 09:09:29 -0700 (PDT)
Received: from mail1.sandvine.com (mail1.sandvine.com [64.7.137.165]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8FC6C1201FA for <captive-portals@ietf.org>; Sun, 23 Apr 2017 09:09:29 -0700 (PDT)
Received: from WTL-EXCHP-1.sandvine.com ([fe80::ac6b:cc1e:f2ff:93aa]) by WTL-EXCHP-3.sandvine.com ([::1]) with mapi id 14.03.0319.002; Sun, 23 Apr 2017 12:09:27 -0400
From: Dave Dolson <ddolson@sandvine.com>
To: Erik Kline <ek@google.com>, David Bird <dbird@google.com>, Kyle Larose <klarose@sandvine.com>
CC: "captive-portals@ietf.org" <captive-portals@ietf.org>
Thread-Topic: [Captive-portals] thoughts on two documents
Thread-Index: AQHSvD+4zvGMpP1GaU6yD/GYihqXHKHTH3YR
Date: Sun, 23 Apr 2017 16:09:26 +0000
Message-ID: <20170423160926.5161041.8476.9279@sandvine.com>
References: <CAAedzxqP4-JeBL5W-2zG7p1fxwT6oHj29WAPVyQWK-hz20rX3A@mail.gmail.com>
In-Reply-To: <CAAedzxqP4-JeBL5W-2zG7p1fxwT6oHj29WAPVyQWK-hz20rX3A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-c2processedorg: b2f06e69-072f-40ee-90c5-80a34e700794
Content-Type: multipart/alternative; boundary="_000_20170423160926516104184769279sandvinecom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/otKR8izQg7hlx-Rm3hjVAL-p9yo>
Subject: Re: [Captive-portals] thoughts on two documents
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 23 Apr 2017 16:09:31 -0000

Regarding the sacrificial q‎ueries, I would hope these are considered temporary measures to detect existing portals, not the preferred approach.

David Dolson
Sandvine
From: Erik Kline
Sent: Sunday, April 23, 2017 10:41 AM
To: David Bird; Kyle Larose
Cc: captive-portals@ietf.org
Subject: [Captive-portals] thoughts on two documents


All,

I have the vague feeling that there might be some general agreement around the idea of having an ICMP unreachable code for captive portals (like an HTTP 511 code [https://tools.ietf.org/html/rfc6585#section-6] for ICMP :-), and it seems like there's no objection from captive portal implementers with respect to the basic functional elements captured in draft-larose-capport-architecture.

Where I think some rough spots might lie for both of these is in their integration with as-yet-undecided new behaviour.

To that point, I would like to take my co-chair hat off and ask the authors and the group for opinions of the following.

[ draft-wkumari-capport-icmp-unreach ]

There was some unresolved discussion about the contents of any included extension. I wonder if the extra payload parts might be removed (Dave Dolson's comment, I think?) and thereby simplify this version of the document.  Given that Destination Unreachable is a TCP soft error (vis. RFC 5461) I'm not sure how much the proposed extra validation semantics are really adding.

If the document simply said that receiving and authenticating an ICMP message with the capport code generically "MAY/SHOULD trigger the receiving node's captive portal handling subsystem", would that be something that folks might agree on?

We'll need to run this whole thing by intarea and 6man as well, of course.

And nothing stops us from proposing a mulit-part extension to be optionally included in a future document, once the captive portal interaction recommendations are more fully understood.

[ draft-larose-capport-architecture ]

I felt it was promising to hear some agreement about the functional elements of a captive portal system as documented.

Given that the captive portal interaction process is still on-going work, would the document authors think it worth trying to advance the document with either (a) section 3 removed or (b) section 3 rewritten to describe broadly how most clients behave today?  Even given the variety of clients I think it could be roughly captured (e.g. make a few sacrificial queries to trigger DNS/HTTP rewrites, keep trying until a sacrificial query produces an expected result while launching an HTTP-capable application, and so on).

-Erik

v2.23.0 | Report a Bug | By Email