IETF Logo Mail Archive

Re: [Captive-portals] I-D Action: draft-ietf-capport-api-00.txt

Martin Thomson <martin.thomson@gmail.com> Tue, 06 February 2018 00:54 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: captive-portals@ietfa.amsl.com
Delivered-To: captive-portals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6B9712DA2B for <captive-portals@ietfa.amsl.com>; Mon, 5 Feb 2018 16:54:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BYhsu7bc_IvG for <captive-portals@ietfa.amsl.com>; Mon, 5 Feb 2018 16:54:39 -0800 (PST)
Received: from mail-ot0-x234.google.com (mail-ot0-x234.google.com [IPv6:2607:f8b0:4003:c0f::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 01C3612DA29 for <captive-portals@ietf.org>; Mon, 5 Feb 2018 16:54:39 -0800 (PST)
Received: by mail-ot0-x234.google.com with SMTP id 73so193250oti.12 for <captive-portals@ietf.org>; Mon, 05 Feb 2018 16:54:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=pOEkFSohzdK/jeKOxhwN9LPqilCpnSRhchD9DjXW8i4=; b=FADu4JVca3uAJ0xE03zfWWWO6t187mKqUBuom03ztMYZFkAYErM0J2K8i8hG2RB1HP WG/qEDbK9EwEh2jYRmTcbx/mBtERVzYFa46EKzGYD29saOk1urVkjkygNq2kahnEyjut jMqYX3mlDDZT0ovbIemeBezaI92Pf3efbsdpGniGZnvgb6lWt1MjPYEUHsxGYsYRpOWk ZlNeohCuoWBXOHA1ff453Sq5kqxwlOE3lnClwT0ZgZ67V20kRVyaJ0uoaguukI6/6IuS tbJ4mQ8K1VUTAoBAD4qitlqD82IxZUxBg0MJXZ3w1lAm0C3v8xvcUKsdjBDGHphmRT+A c2Eg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=pOEkFSohzdK/jeKOxhwN9LPqilCpnSRhchD9DjXW8i4=; b=GrOdfZLSnO0fqWfyy7sEc04zg93S/6wjoL4DZGDx/tdFyKdyB0MjIGrVpzvMJOkSQe gJzSI2/PCXs2zJX04Fav3XJPKoqoGX1sCYR5fCEv9hH81qHkMwePpM0sKws7WvOalLok 2pbzNsopzw2Fmk7o5hZFvLDtm8rBNxk3n3q6ciaYHlY6cUK7Vy+ktXQF5iQUDtUyPeRh QFb0Soy19LlDYpQeLQOYaWizBD1wpU/IssST3cRSzfn39pApSzax8VsemiGLcNhDFB9s 2Db8DDojHX2QmJPswNxRjx88PRKmpOO3QfeiHx1X28sBktcDSq2G9JqwjZoHpx66+WtP /PjQ==
X-Gm-Message-State: APf1xPBe4PYzX2b4NnSf4n8fuIv+og8s8lry0MjL5W5Z8BGs043Vu+yh HucfHPazsuZeMB3p6OG24mgE6uhBq8jJaV473LGO6Q==
X-Google-Smtp-Source: AH8x2263FH+2aFUGdh/BPtqmUPsgDUbCeY13c1jNc0w4TScNGgHWdctYvyLWifl1Dkx4qKvqhWsnKZRHdJJYtGs/Cxc=
X-Received: by 10.157.54.233 with SMTP id s38mr475211otd.103.1517878478315; Mon, 05 Feb 2018 16:54:38 -0800 (PST)
MIME-Version: 1.0
Received: by 10.157.52.196 with HTTP; Mon, 5 Feb 2018 16:54:37 -0800 (PST)
In-Reply-To: <CADo9JyVtKMCwcXsZgfNSJ8VshjaTxSPS7YWro71Z4Y7K4UWFxA@mail.gmail.com>
References: <151778535115.5816.386541967960931391@ietfa.amsl.com> <CADo9JyV2Rz2B9H_h9JMne7XLtMeVb2OajheZ86i5g8nsPmmFOw@mail.gmail.com> <CABkgnnW_x6sokdEo-yyzk0DKFqom6b7aHpoLgRnBHOW_cGB6yA@mail.gmail.com> <CADo9JyXRtyuzoWJKA+aASGh-bEJ8hi323VRdBeyqsgXwNxSkbw@mail.gmail.com> <CADo9JyVtKMCwcXsZgfNSJ8VshjaTxSPS7YWro71Z4Y7K4UWFxA@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 06 Feb 2018 11:54:37 +1100
Message-ID: <CABkgnnX2iQwDR_zgk15OQSCWh1pJBrJRvTwmEHbvsecaoQOuow@mail.gmail.com>
To: David Bird <dbird@google.com>
Cc: captive-portals@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/riaEK4y5qMQgKja9KyFgakHWo3Q>
Subject: Re: [Captive-portals] I-D Action: draft-ietf-capport-api-00.txt
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Feb 2018 00:54:41 -0000

On Tue, Feb 6, 2018 at 8:41 AM, David Bird <dbird@google.com> wrote:
>> I have heard UE vendors express a strong desire to be able to know
>> about status before they attempt to use the network.
>>
>
> Hm, but (assuming you are using the provided network for DNS, CRL checks,
> and the API itself), the UE is *already* using the network.

Not really.  The way I understand it, the UE alters routing tables so
that only applications that explicitly opt in to using the interface
to the network can do so.  That state exists until the network is
given an "all clear".

> I believe this desire on the UE vendor part is a case of 'be careful what
> you wish for' ... Having an API telling you it is "all clear" vs "do
> internal (often sandboxed for various reasons browser) captive portal
> dialog" amounts to making this a configuration of the network administrator
> -- Remember the (current) arms race concerning captive  portal detection?
> Well, the network operator wins with this API (!).

Remember we already concluded that if the network wants to lie about
status, we aren't planning to stop them.  There are still some
discussions to be had about providing incentives to be truthful, but
it's possible that we could never really plumb the depths of that
issue productively, so we've been deferring it.

> Over the years on this list we have seen many use-cases come through, I
> recall:
>
> -  A school/library network that allows most of the Internet, but captures
> and redirects for certain networks / sites
> -  A network allows all sorts of protocols - IMAP, HTTPS, for example -
> but not others - like HTTP, SMTP - and want to redirect / signal portal
> -  A network that allows all Internet traffic, but just at a low QoS tier.
> No "captive" portal, but a portal is  yet available for upgrading tier
> -  Any network that allows a large walled garden, or even a *very large*
> garden, but otherwise has a captive portal
> -  A network that will 99.99% of the time allow all traffic, but will
> (perhaps because of virus detection) interrupts sessions  into captive state
> [technically, this is a "boolean" use-case, but one where polling would just
> be huge noise]

I'd say that the amount of information provided here is rich enough
that you want to talk to a human.  Very few networks permit sending of
arbitrary packets to arbitrary hosts and the receipt of similar.  The
point is to ensure that you are managing expectations.  If I
understand the expression of requirements, the idea is that a UE can
use the boolean signal, but this other stuff is better presented on
the web page.  If the network starts off in a captive state, then that
page will be seen (if there is a human), and maybe not used (if there
isn't).

> Clients that go idle typically have their session terminated - so, yes, it
> does save the user time (depending on "time" is billed - real time vs
> metered, etc).

Right.  Though this is relatively rare in my experience.  In those
cases, I think that the idea is that the client can check with the API
before its time comes due and notice the resulting extension and so go
back to sleep.

v2.23.0 | Report a Bug | By Email