Re: [Captive-portals] FW: New Version Notification for draft-larose-capport-architecture-00.txt
Martin Thomson <martin.thomson@gmail.com> Fri, 10 March 2017 02:34 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: captive-portals@ietfa.amsl.com
Delivered-To: captive-portals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A2771294A6 for <captive-portals@ietfa.amsl.com>; Thu, 9 Mar 2017 18:34:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.108
X-Spam-Level:
X-Spam-Status: No, score=-1.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DATE_IN_PAST_03_06=1.592, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DmjN54rwNyk8 for <captive-portals@ietfa.amsl.com>; Thu, 9 Mar 2017 18:34:54 -0800 (PST)
Received: from mail-qk0-x235.google.com (mail-qk0-x235.google.com [IPv6:2607:f8b0:400d:c09::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E60012943B for <captive-portals@ietf.org>; Thu, 9 Mar 2017 18:34:54 -0800 (PST)
Received: by mail-qk0-x235.google.com with SMTP id 1so148973251qkl.3 for <captive-portals@ietf.org>; Thu, 09 Mar 2017 18:34:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=3WwsqIJIC4BxD4YmiJggAd4oLnGdFXnK2K2fCYa4ToY=; b=gssZwULU9EAPcLmTfASzqxx78C5IoJM6pIx1huf571Tf5bb2huWZCvbHuUMRjfjT+8 P5e4VjePH5/lf5EMV+P0Lq2A9C6JeaIZv6VqYYOFeGFzv5jaj0Ny2QUAGOJ9UHwUJGP/ H3JVBoQz1mGh5XAR4L8LlpCVhTAqnLeJPSgXTRNrumLGcNLI+qKjwXcp0+G+tql3VjFF 8G1hOqs11GMCUC6iXDHe/WkJdiEi4/NL+SgQxk2GwDcMwgGIi7IRhL/f0m9ZNtxLyy4z hJh6/sCKXjriAuK6elRIYY8i/Pop6wAk40QP9sAiccACVWdr/KBrGm/ClMnrFLX3t6Sg QHUA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=3WwsqIJIC4BxD4YmiJggAd4oLnGdFXnK2K2fCYa4ToY=; b=UuZAFUQTmOs2Z6yfHNlCPs6uhhRF6uiYYpQhwQuOdTMaTHvSO1Jq98SG196barsKSH GcIlmrOTo8g1wKGpNnwq+dMRqFGDm8RYiKKan3GdJBeRc/RGS4IDIlRjG7FeyvYJeRxa GGm2/N1lFrBQrLqaI/FHNdatYaF9AzoiF+prHjcEGTY5kkbdu/iOhe9Rx9h00wPPOBrV n/mLbr8eTMxOp9YWD9uoNfeh1oAkASK8QMxQCCJ0wmGOi+77BB2aS6/j/hGJRNibwmWr OCnk5lDB5InnYUigXJ+nOce0i9icmQOA4Kn0FNMd94udMS1uJ+7Db7uk3VB8m4uiYRXl LxHQ==
X-Gm-Message-State: AMke39nobdxp5WHCysPvJHKFQyqBppwflZFvYpbo4SiooqfV7KBg0Apk9H5mlpUh8FaGciWTB/kqpPhtXy/bQA==
X-Received: by 10.237.41.100 with SMTP id s91mr17824859qtd.143.1489102351039; Thu, 09 Mar 2017 15:32:31 -0800 (PST)
MIME-Version: 1.0
Received: by 10.140.19.112 with HTTP; Thu, 9 Mar 2017 15:32:30 -0800 (PST)
In-Reply-To: <D76BBBCF97F57144BB5FCF08007244A77058CF7F@wtl-exchp-1.sandvine.com>
References: <148909812984.5791.13927658190997966571.idtracker@ietfa.amsl.com> <D76BBBCF97F57144BB5FCF08007244A77058CF7F@wtl-exchp-1.sandvine.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 10 Mar 2017 10:32:30 +1100
Message-ID: <CABkgnnUC9N0_Bb2P-=6+iOg3FuxqNAve-hgCVxWb3Sh+zHRb_w@mail.gmail.com>
To: Kyle Larose <klarose@sandvine.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/pH9Oyc1qfd-0fVFDtskSH1SFpFw>
Cc: "captive-portals@ietf.org" <captive-portals@ietf.org>, Dave Dolson <ddolson@sandvine.com>
Subject: Re: [Captive-portals] FW: New Version Notification for draft-larose-capport-architecture-00.txt
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Mar 2017 02:34:55 -0000
Thanks for putting this together Kyle. After a brief skim (I will read this more thoroughly in the next week or so), I have some high level comments that I think you should spend some time thinking about: 1. How to manage trust in the ICMP messages. I like that you are just using these to nudge a client into the flow, but how do you avoid spoofing? We've a little bit of experience with this in QUIC and there is some advice on how a client might handle unauthenticated ICMP there that might be reused (key observation: v6 >> v4 because you get much better assurances about the message coming from a path element). 2. How do you authenticate the interactions with the portal? How do you decide what to give it? 3. How to interact with the DHCP-provided URI. The big failing of RFC 7710 (in my view) is that it doesn't really say what to do with this URI that falls into your lap. I think that you either shove it in a browser or poke at it with some sort of other type of request (you seem to assume the latter here), but that's astonishingly vague. This seems like a great opportunity to point at other work. Work I'm hoping will start at the hackathon. On 10 March 2017 at 09:26, Kyle Larose <klarose@sandvine.com> wrote: > Hello, > > Dave and I realized that the working group had discussed, at length, a possible solution to the captive portal problem. > Since we were planning on working on it during the hackathon, we figured it'd be a good idea to capture the working group's ideas in an architecture. > > We've uploaded the below draft as a skeleton for the architecture in the interest of having something to work from for the hackathon, > and discuss at the meeting. > > Let us know what you think. > > Thanks! > > Kyle > > -----Original Message----- > From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org] > Sent: Thursday, March 09, 2017 5:22 PM > To: Dave Dolson; Kyle Larose > Subject: New Version Notification for draft-larose-capport-architecture-00.txt > > > A new version of I-D, draft-larose-capport-architecture-00.txt > has been successfully submitted by Kyle Larose and posted to the IETF repository. > > Name: draft-larose-capport-architecture > Revision: 00 > Title: CAPPORT Architecture > Document date: 2017-03-09 > Group: Individual Submission > Pages: 10 > URL: https://www.ietf.org/internet-drafts/draft-larose-capport-architecture-00.txt > Status: https://datatracker.ietf.org/doc/draft-larose-capport-architecture/ > Htmlized: https://tools.ietf.org/html/draft-larose-capport-architecture-00 > > > Abstract: > This document aims to document concensus on the CAPPORT architecture. > DHCP, ICMP, and an HTTP API are used to provide the solution. > > > > > Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat > > _______________________________________________ > Captive-portals mailing list > Captive-portals@ietf.org > https://www.ietf.org/mailman/listinfo/captive-portals
- [Captive-portals] FW: New Version Notification fo… Kyle Larose
- Re: [Captive-portals] FW: New Version Notificatio… Dave Dolson
- Re: [Captive-portals] FW: New Version Notificatio… Martin Thomson
- Re: [Captive-portals] FW: New Version Notificatio… Martin Thomson