Re: [Captive-portals] I-D Action: draft-ietf-capport-api-00.txt

David Bird <dbird@google.com> Mon, 05 February 2018 18:03 UTC


Thanks Darshak and Tommy, this is really helpful.

Some comments:

In 2. Workflow: Does it make sense to reorder 2) and 3)? It would seem
'Enforcement' should come before determining status (of said enforcement)
and how to proceed. I would argue that the UE might as well try to use the
network and wait for the network to respond (e.g. with Enforcement and/or
routing notifications/errors). Indeed, the UE sorta already *did* this if it
resolved DNS and checked certificate status of the API server hostname.

In 3.1 URI of Captive Portal endpoint, I think we must go beyond making TLS
a MUST --- we need to define how trust is handled. We must require the API
client to validate the hostname, present that hostname to the user for
acknowledgement. Or, are we explicitly saying that TLS is for privacy and
not security? (e.g. that we really don't care what the server cert is...
just that the cert is consistent for that location / domain?). Is the
client expected to check revocation lists?

In 3.2, ' "permitted" (required, boolean): indicates whether or not the
Captive Portal is open to the requesting host ' is confusing... does it
mean the UE is subject to a captive portal?  I dislike how boolean this is!
Why does it have to be all or nothing (especially if ICMP is providing
enforcement notification?)

Also in 3.2, I'm not sure about the time/data remaining info. Is the
expectation that the client keeps polling? (never goes idle on any
network?) Is the expectation that the UE will break connections after it
sees this API expire timer or counter, or shall the (smart) UE wait until
the network notification (ICMP)?

I think it would be ideal to keep ICMP focused on network notification and
we can use the API more for validation and improving the security (and user
interaction) of ICMP.

Cheers,
David




On Sun, Feb 4, 2018 at 3:02 PM, <internet-drafts@ietf.org> wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Captive Portal Interaction WG of the IETF.
>
>         Title           : Captive Portal API
>         Authors         : Tommy Pauly
>                           Darshak Thakore
>         Filename        : draft-ietf-capport-api-00.txt
>         Pages           : 6
>         Date            : 2018-02-02
>
> Abstract:
>    This document describes an HTTP API that allows hosts to interact
>    with a Captive Portal system.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-capport-api/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-capport-api-00
> https://datatracker.ietf.org/doc/html/draft-ietf-capport-api-00
>
>
> Please note that it may take a couple of minutes from the time of
> submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> Captive-portals mailing list
> Captive-portals@ietf.org
> https://www.ietf.org/mailman/listinfo/captive-portals
>
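Added example (not code from the draft or from the message above): a Python client sketch showing the strict TLS context the 3.1 comment argues for (chain validation plus hostname matching, not just encryption) and a type-checking parser for the 3.2 status document with its required boolean "permitted". The "expire-date" and "bytes-remaining" field names and the sample document are assumptions standing in for the time/data-remaining info the message discusses.

```python
import json
import ssl
import urllib.request
from dataclasses import dataclass
from typing import Optional

# Constructed sample status document (not from the draft). "permitted" is the
# required boolean quoted from section 3.2; the other two field names are
# assumptions for the time/data-remaining information.
SAMPLE_STATUS = (b'{"permitted": false, "expire-date": "2018-02-05T19:03:53Z", '
                 b'"bytes-remaining": 1048576}')


@dataclass
class CaptiveState:
    permitted: bool
    expire_date: Optional[str]
    bytes_remaining: Optional[int]


def make_api_tls_context() -> ssl.SSLContext:
    """Client context for the API endpoint: certificate chain validation and
    hostname matching are both enforced, so TLS authenticates the server
    rather than only hiding the exchange. Revocation is not checked here;
    ssl.VERIFY_CRL_CHECK_LEAF also needs a CRL loaded via
    load_verify_locations, otherwise every handshake fails."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def parse_capport_status(body: bytes) -> CaptiveState:
    """Parse a status document, enforcing the types the draft text implies.
    isinstance(x, int) is also true for bools in Python, so the
    bytes-remaining check excludes bool explicitly."""
    doc = json.loads(body)
    if not isinstance(doc, dict):
        raise ValueError("status document must be a JSON object")
    permitted = doc.get("permitted")
    if not isinstance(permitted, bool):
        raise ValueError('"permitted" is required and must be a boolean')
    expire_date = doc.get("expire-date")
    if expire_date is not None and not isinstance(expire_date, str):
        raise ValueError('"expire-date" must be a string if present')
    remaining = doc.get("bytes-remaining")
    if remaining is not None and (isinstance(remaining, bool)
                                  or not isinstance(remaining, int) or remaining < 0):
        raise ValueError('"bytes-remaining" must be a non-negative integer if present')
    return CaptiveState(permitted, expire_date, remaining)


def fetch_status(api_url: str, timeout: float = 5.0) -> CaptiveState:
    """Network path (needs a live endpoint): the hostname in api_url is the one
    the certificate must match, so any failure surfaces as an ssl error."""
    with urllib.request.urlopen(api_url, timeout=timeout,
                                context=make_api_tls_context()) as resp:
        return parse_capport_status(resp.read())
```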