IETF Logo Mail Archive

Re: [Captive-portals] Questions about PvD/API

Tommy Pauly <tpauly@apple.com> Thu, 24 August 2017 15:14 UTC

Return-Path: <tpauly@apple.com>
X-Original-To: captive-portals@ietfa.amsl.com
Delivered-To: captive-portals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49DE81329B7 for <captive-portals@ietfa.amsl.com>; Thu, 24 Aug 2017 08:14:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nlkxjPcdHQ2s for <captive-portals@ietfa.amsl.com>; Thu, 24 Aug 2017 08:14:39 -0700 (PDT)
Received: from mail-in21.apple.com (mail-out21.apple.com [17.171.2.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 980DC1321EB for <captive-portals@ietf.org>; Thu, 24 Aug 2017 08:14:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=apple.com; s=mailout2048s; c=relaxed/simple; q=dns/txt; i=@apple.com; t=1503587678; h=From:Sender:Reply-To:Subject:Date:Message-id:To:Cc:MIME-version:Content-type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-reply-to:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=C7je/KmqDpJnvidYUIfXPBJc52LlUCa7Ve2LhNm8XKo=; b=row4S+vX8QH8a1fntyENYYJ3FS6Fd5/rVSXae2yVW+VUqwAVjhH4bHlkq2gAlfX/ r6Nsh3/rK1SGmLW6G4xgOIKsSIAEOhpKvIZDlicyvylwAo8KBYNRlLEHf3aLfUpR Fgk1nEl91zrIy46gsf/18+A0VRLj6V0ML+kzc45d2gPaBh4yolFaGoxZ1yc6HmM4 FvcYG7t1Ob/DymMw+2oxXP0uNL4yZFt0da4wZgOKAlwnopvTWIkZ8paw9yw6RTio RUX3jH2y4TDs81NpEkHgrPz72V3NaYxg+wdgfAYKHAnPWPWvT0YMbjSluAZaWb+j p0DStQSwRSNP+xjxAQ9TRQ==;
Received: from relay7.apple.com (relay7.apple.com [17.128.113.101]) (using TLS with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail-in21.apple.com (Apple Secure Mail Relay) with SMTP id AC.7A.21774.E5DEE995; Thu, 24 Aug 2017 08:14:38 -0700 (PDT)
X-AuditID: 11ab0215-922009c00000550e-c5-599eed5e9c2a
Received: from nwk-mmpp-sz13.apple.com (nwk-mmpp-sz13.apple.com [17.128.115.216]) by relay7.apple.com (Apple SCV relay) with SMTP id 96.2D.07283.E5DEE995; Thu, 24 Aug 2017 08:14:38 -0700 (PDT)
MIME-version: 1.0
Content-type: multipart/alternative; boundary="Boundary_(ID_gUHhec9nTlimM+ZoEQGcww)"
Received: from [17.234.50.132] by nwk-mmpp-sz13.apple.com (Oracle Communications Messaging Server 8.0.1.2.20170621 64bit (built Jun 21 2017)) with ESMTPSA id <0OV700KD13ODNJ10@nwk-mmpp-sz13.apple.com>; Thu, 24 Aug 2017 08:14:38 -0700 (PDT)
Sender: tpauly@apple.com
From: Tommy Pauly <tpauly@apple.com>
Message-id: <98352984-4E92-42EC-97FE-B652C0FC41AF@apple.com>
Date: Thu, 24 Aug 2017 08:14:36 -0700
In-reply-to: <CAKD1Yr2GpTX9NPTNJVbGjF+PxuNNyhgaRNjr0qMW90rVHeM_+g@mail.gmail.com>
Cc: David Bird <dbird@google.com>, Erik Kline <ek@google.com>, "Eric Vyncke (evyncke)" <evyncke@cisco.com>, captive-portals@ietf.org, Martin Thomson <martin.thomson@gmail.com>
To: Lorenzo Colitti <lorenzo@google.com>
References: <CADo9JyU+XGYFWdNeXOBw1O43Pjyn0jZhGxDTb7VbLF+Jg4Xj4w@mail.gmail.com> <CAAedzxq4UhueFW=U-Tuc1gvG8Tapc7VE7BM2Akt9OXuzN3jLyQ@mail.gmail.com> <CADo9JyW0J7xzaosG5PJOFPHMy2g6vZ1cVpW6_YsuOdaKWqumkQ@mail.gmail.com> <A5B74413-32D8-4FE4-BDF7-DAA95266AAF4@apple.com> <CADo9JyUJTPRT9454VdZEM1nwFfxPSrMX3+Uk9i325uboQUya7g@mail.gmail.com> <7B520EA6-7B55-46B1-B084-F1CADF7DE28B@apple.com> <CADo9JyVSW5==nQOUMUUYWj743LmZCUjE9=W-YXnK-KMS-88AoQ@mail.gmail.com> <CABkgnnV1OT_29fdNbCDDJMgeRDNeOM8u2PYA94opo+ujj2=Avw@mail.gmail.com> <CADo9JyUdBZbBmwE0B21ryFuefQEaTiWLHD-w8AZSyWACH9u2dg@mail.gmail.com> <CABkgnnWbhHOmZRsvpEb0XusRtUJUPp7vpdM7V_4nLnC_B-mfKQ@mail.gmail.com> <CADo9JyUP_FWznzDWDO1s9-8B8-hMAUkFAMaa68uUZ1xR8CKHyw@mail.gmail.com> <CAKD1Yr0OrthUda3+ic3g83vWEpBATpcF4Z=4ENNg+ZuyySDMdg@mail.gmail.com> <CADo9JyW=wYh5y87KZrfs56fFze_VkdvUt-hF_SNeokPONxDuGA@mail.gmail.com> <CAKD1Yr2GpTX9NPTNJVbGjF+PxuNNyhgaRNjr0qMW90rVHeM_+g@mail.gmail.com>
X-Mailer: Apple Mail (2.3439)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrELMWRmVeSWpSXmKPExsUi2FCYqhv3dl6kwZzZRhZzZzWwWnz6sZ3R 4vPteewWX/YvYLRYf/odo8W1M/8YHdg8pvzeyOqxc9Zddo8Fm0o9liz5yRTAEsVlk5Kak1mW WqRvl8CVcXLdVfaCTsOKR2/fMDUwbtfqYuTkkBAwkejtf8ncxcjFISSwlkmi9/JHZpjExM4f bBCJQ4wSa75cYAJJ8AoISvyYfI8FxGYWCJM4MHUHC0TRV0aJx+e/AXVzcAgLSEhs3pMIUsMm oCJx/NsGZoheG4nPDffZQGxhATOJPU0fwGayCKhKrDzaDGZzCgRL/Pp2mAlkJrPAZkaJP2uf MoIkRAQ0JB6sO84Esewou8T6n3OZQJZJCMhKLP0TAhKXENjFLnGks41lAqPQLCTHzkJyLISt JfH9USuQzQFky0scPC8LEdaUeHbvEzuErS3x5N0F1gWMbKsYhXMTM3N0M/OMDPUSCwpyUvWS 83M3MYIiaTWT6A7G+a8MDzEKcDAq8fBOeDAvUog1say4MvcQozQHi5I4r5ssUEggPbEkNTs1 tSC1KL6oNCe1+BAjEwenVANj95tzqq1XJjyRDol/IXSAa/una7vzKpilLivfOrRdxrfquLX+ fB0jdosV/k9tmzXn/Tq9vFs1seBiPOdVTo4zcqcl5TWuy4ooOLyzXy9ukPfHO6bJatM5ywpd 1cTSzVrsl/+q7Xkkdd6rxHjHlmlrJi7q2+h+4kZuS2Vv/XMF03crlzG6rcxUYinOSDTUYi4q TgQAhT4fk4UCAAA=
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrFKsWRmVeSWpSXmKPExsUi2FB8Qzfu7bxIg8fNAhZzZzWwWnz6sZ3R 4vPteewWX/YvYLRYf/odo8W1M/8YHdg8pvzeyOqxc9Zddo8Fm0o9liz5yRTAEmVtk5ZfVJ5Y lKJQlFxQYqtUnJGYkl8eb2lsZOqQWFCQk6qXnJ+rpG9nk5Kak1mWWoTMSrDOOLnuKntBp2HF o7dvmBoYt2t1MXJySAiYSEzs/MHWxcjFISRwiFFizZcLTCAJXgFBiR+T77GA2MwCYRIHpu5g gSj6yijx+Pw35i5GDg5hAQmJzXsSQWrYBFQkjn/bwAzRayPxueE+G4gtLGAmsafpA9hMFgFV iZVHm8FsToFgiV/fDjOBzGQW2Mwo8WftU0aQhIiAhsSDdceZIJYdZZdY/3MuE8gyCQFZiaV/ QiYw8s9Cct8sJPdB2FoS3x+1AtkcQLa8xMHzshBhTYln9z6xQ9jaEk/eXWBdwMi2ilGgKDUn sdJcDx5+mxjBkVWYuoOxcbnVIUYBDkYlHt4bV+ZFCrEmlhVX5gIDiYNZSYR32wOgEG9KYmVV alF+fFFpTmrxIcb9jEBfTmSWEk3OB8Z9Xkm8obGFsaWJhYGBiaWZCWFhExMDE2NjM2NjcxNz WgorifP2H5kTKSSQnliSmp2aWpBaBPMCEwenVAMjE3+Kz3nLlcsP73lhp92dna9ftSVi4txn Efvjrn9++UH286adp60X5mR4RJyf+J51W4Fo1N+nrGW7ZZu06px9JE/UBHZpOH8JXfXQaZrS pN7pL6+9c/7Jd/fdQQWr328/J2cITbqt/PzsnqkBU4L9PvnN0XQ+G/PJ87VUsKn4IdGJWlL2 QuvuKbEAU7ehFnNRcSIA56DLPU0DAAA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/pEFF5_wvbzVgWuaopWsDO7_bbfc>
Subject: Re: [Captive-portals] Questions about PvD/API
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Aug 2017 15:14:41 -0000

Right, I think the difference between an unreachable destination, and a captive portal or walled garden, is that we expect the captive portal style interaction to be an Operating System-level action, and one that will have consequences on everything the device does while associated to a given network. You can certain use spoofed ICMP to disrupt connections, but (a) the user would notice and (b) you're not causing the Operating System to change behavior. When the OS thinks it is on a captive network or not, it will change what network it considers primary/usable, which may potentially be invisible to the user other than an icon change. I would be able to go onto a captive network, start sending out ICMP messages, and potentially bump other people's connection off the network. 

Having the UE fetch some resource in order to determine captive state, especially if that resource can be somehow signed, makes it much harder for an attacker to cause the OS to take silent behavior.

Tommy

> On Aug 24, 2017, at 7:40 AM, Lorenzo Colitti <lorenzo@google.com> wrote:
> 
> A forged destination unreachable can't cause someone else's device to think that wifi is a portal and switch to possibly expensive cellular data.
> 
> On Thu, Aug 24, 2017 at 11:29 PM, David Bird <dbird@google.com <mailto:dbird@google.com>> wrote:
> Just like the rampant problem we see in ICMP Dest-Unreachable forgery attacks? 
> 
> On Thu, Aug 24, 2017 at 7:01 AM, Lorenzo Colitti <lorenzo@google.com <mailto:lorenzo@google.com>> wrote:
> On Thu, Aug 24, 2017 at 10:40 PM, David Bird <dbird@google.com <mailto:dbird@google.com>> wrote:
> Can you give an example of how ICMP could be misconfigured? 
> 
> It doesn't matter how hard it is to misconfigure, because it is trivial to forge.
> 
> 
> _______________________________________________
> Captive-portals mailing list
> Captive-portals@ietf.org
> https://www.ietf.org/mailman/listinfo/captive-portals

v2.23.0 | Report a Bug | By Email