IETF Logo Mail Archive

[Captive-portals] Robert Wilton's No Objection on draft-ietf-capport-api-07: (with COMMENT)

Robert Wilton via Datatracker <noreply@ietf.org> Thu, 11 June 2020 11:17 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: captive-portals@ietf.org
Delivered-To: captive-portals@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A18723A0029; Thu, 11 Jun 2020 04:17:41 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Robert Wilton via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-capport-api@ietf.org, capport-chairs@ietf.org, captive-portals@ietf.org, Martin Thomson <mt@lowentropy.net>, mt@lowentropy.net
X-Test-IDTracker: no
X-IETF-IDTracker: 7.3.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Robert Wilton <rwilton@cisco.com>
Message-ID: <159187426163.11035.11823958603457067416@ietfa.amsl.com>
Date: Thu, 11 Jun 2020 04:17:41 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/t2RzKKaUcnz9geJkA0nMg2BsFG8>
Subject: [Captive-portals] Robert Wilton's No Objection on draft-ietf-capport-api-07: (with COMMENT)
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jun 2020 11:17:42 -0000

Robert Wilton has entered the following ballot position for
draft-ietf-capport-api-07: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-capport-api/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Hi,

I found this document straight forward and easy to read.

Linda's comment in the Opsdir review is interesting.  I would have expected the
CAPPORT architecture document to discuss/reference the problem being solved,
but it seems to be mostly silent on this.  I will redirect Linda's comment to
the CAPPORT architecture.

In section 5. "API State Structure", it does not state whether a connection
could be both time and data limited.  My reading of the spec is that this would
be allowed, assuming that is the case, the current text is fine.

6.  Example Interaction

   Upon receiving this information the client will use this information
   direct the user to the the web portal (as specified by the user-
   portal-url value) to enable access to the external network.  Once the
   user satisfies the requirements for extenal network access, the
   client SHOULD query the API server again to verify that it is no
   longer captive.

Nit: information direct => information to direct

7.  Security Considerations

I'm slightly concerned about the third paragraph in the security
considerations.  Ideally I would like a solution that doesn't require humans to
potentially spot potentially dubious spoofed domain names.  But I can
appreciate that is probably out of scope here.

7.1.  Privacy Considerations

Possibly worth adding a comment about the necessity to keep personal
information secure.   In addition, should there be any comments about GDPR like
constraints (if they apply)?

Thanks,
Rob

v2.23.0 | Report a Bug | By Email