Re: [Captive-portals] Thoughts/comments on draft-nottingham-capport-problem-01
David Bird <dbird@google.com> Fri, 11 March 2016 00:10 UTC
Return-Path: <dbird@google.com>
X-Original-To: captive-portals@ietfa.amsl.com
Delivered-To: captive-portals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0FA5912DEEF for <captive-portals@ietfa.amsl.com>; Thu, 10 Mar 2016 16:10:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U4DzUuElvm65 for <captive-portals@ietfa.amsl.com>; Thu, 10 Mar 2016 16:09:58 -0800 (PST)
Received: from mail-vk0-x234.google.com (mail-vk0-x234.google.com [IPv6:2607:f8b0:400c:c05::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 82CE412DF0F for <captive-portals@ietf.org>; Thu, 10 Mar 2016 16:09:58 -0800 (PST)
Received: by mail-vk0-x234.google.com with SMTP id e185so116085226vkb.1 for <captive-portals@ietf.org>; Thu, 10 Mar 2016 16:09:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=OfSrANKsEF/ot/Qd8uqPiXjMyil7B0PMHeLKrYsCByQ=; b=Skco4Nz567fEX68ERJ+3Yn+arDjeSjWMLOPbul3CK4oSphu5M59JNHOB6Nd0ZReFw8 3oBSA9zzNRX1WrIjdJOcGUzWeG+bSWIidChq3pTZ3wLvEPuuCXvttUBEfp731MMdNDa7 lIZYge0ngVafNulx5DdFmenoalhwbeyfWQW7po3ktJKR+ocbm6xFWQsVJgMF3vBTuq+O osZOQJSPD3SlrxzyEi4uBWqOip1UWS7wRRgl8q5cZt6AFK/WZrwX1H8pt4AoGTLQ2KI9 S0NrocmIyAGLPlC0gpFFs6JUWvN1elxz6dyG7tR7O33Q4m5AKolwjLWNYLUCarAZtE7o kArg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=OfSrANKsEF/ot/Qd8uqPiXjMyil7B0PMHeLKrYsCByQ=; b=RLUV5dcwgDo0uoGDnyULvUlVRTdlxZVou6Jt48JIKOyJRhAH4yD4hZWefl1auPZS8h Jb7klu2eQnwFg4RBpUTkphPJwbk/zpMI45DG+YEqWeW7ix3Sry5wr8RybzcYkD76/7Cz 0E7JOqE+PqyCh0BTo1WIL98ajDptks54W1Rx+ItZv9hlbNmbWAlF9hWWlOj2VzED5ZUf uUWH8+1LdQvVzIsC6seEceKsL3lHUj4aXfPhy61zWRUqUr5MPdG8WPAl5BqzH3OJhcYu lKU6/vmhRrlk4bcerEdSr1ER1pXHpVbzwpIpI6Ljfx5QtYwey21Gpm5UZKyJJgbE3j30 D4vg==
X-Gm-Message-State: AD7BkJIEIlA4X58Cz/8Nft7eA8dqgyxSl1AR/gpreECTRIX0TFf9QJQcwYDb5RoJwVHPfoMHU3Ml8RLWY2cT/P2H
MIME-Version: 1.0
X-Received: by 10.31.180.215 with SMTP id d206mr6417154vkf.125.1457654997535; Thu, 10 Mar 2016 16:09:57 -0800 (PST)
Received: by 10.159.37.42 with HTTP; Thu, 10 Mar 2016 16:09:57 -0800 (PST)
In-Reply-To: <16287DD0-2408-4164-A945-F10A0D9BF22D@mnot.net>
References: <CADo9JyVXUR=bgueHW1wWk4PhCJEvs0R-p9ya5wGVEmtYjtoFJQ@mail.gmail.com> <51DE1996-428B-4F22-AB02-64C31F812E39@mnot.net> <CABkgnnWTfGsbktCHGGygE=Cva4JsA6_mBuBhN2KwrwNSKVQwLQ@mail.gmail.com> <16287DD0-2408-4164-A945-F10A0D9BF22D@mnot.net>
Date: Thu, 10 Mar 2016 16:09:57 -0800
Message-ID: <CADo9JyUcxA8aaAhkOQDpA9BMMvL0EGEasx0HQA6BY9Ewbqyr+g@mail.gmail.com>
From: David Bird <dbird@google.com>
To: Mark Nottingham <mnot@mnot.net>
Content-Type: multipart/alternative; boundary="001a1143f356559ac2052dbac0b3"
Archived-At: <http://mailarchive.ietf.org/arch/msg/captive-portals/urSp0AT969KKWUYHFz7YxG7RGxU>
Cc: captive-portals@ietf.org, Martin Thomson <martin.thomson@gmail.com>
Subject: Re: [Captive-portals] Thoughts/comments on draft-nottingham-capport-problem-01
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Mar 2016 00:10:01 -0000
I'm not aware of any CP detection being triggered only based on the SSID. (What does it do if there actually isn't a CP?) ... An attacker gets a LOT more mileage out of a Open SSID evil twin with NO captive portal if the desire is to capture cookies... Any attacker that gets tripped up by clients doing a Sandboxed browser isn't a very good attacker :) David On Thu, Mar 10, 2016 at 3:51 PM, Mark Nottingham <mnot@mnot.net> wrote: > On 8 Mar 2016, at 8:11 PM, Martin Thomson <martin.thomson@gmail.com> > wrote: > > > > On 8 March 2016 at 18:45, Mark Nottingham <mnot@mnot.net> wrote: > >> I've seen CPs that ask for Facebook username and password, but NOT over > HTTPS, and not to a Facebook domain (IIRC); it's more of a user education / > security UX problem than anything. > > > > > > That's perhaps an extreme - and horrific - example of what I thought > > you intended here. > > > > Loading a real browser allows a CP to close the loop with tracking > > bugs. That is less offensive, though to what degree might depend on > > where you sit. > > > > There are probably plenty of potentially relevant reasons too. For > > example, a network operator might simply want to authorize one set of > > users (their paying customers) over others. A sandbox in that context > > represents a hurdle for their users, who can't rely on cookies or > > other preexisting state. The sandbox then has security drawbacks in > > that it encourages users to pick less secure passwords. > > One aspect that's potentially different is that current CP detection > implementations (going to add a term for that :) can be automatically > triggered; if the OS recognises a SSID ("ATTWifi", anyone?), it'll pop up a > window. > > Without sandboxing, that means the network gets tracking data without any > user intent in a very common case. An attacker can also spoof a common SSID > to gather such data. > > Of course, OSs could stop automatically joining Wifi networks, but that > would make for a lot of unhappy users... > > > -- > Mark Nottingham https://www.mnot.net/ > >
- [Captive-portals] Thoughts/comments on draft-nott… David Bird
- Re: [Captive-portals] Thoughts/comments on draft-… Mark Nottingham
- Re: [Captive-portals] Thoughts/comments on draft-… Martin Thomson
- Re: [Captive-portals] Thoughts/comments on draft-… Mark Nottingham
- Re: [Captive-portals] Thoughts/comments on draft-… David Bird
- Re: [Captive-portals] Thoughts/comments on draft-… Mark Nottingham
- Re: [Captive-portals] Thoughts/comments on draft-… Alexis La Goutte
- Re: [Captive-portals] Thoughts/comments on draft-… Cohen-Rose, Adam
- Re: [Captive-portals] Thoughts/comments on draft-… Michael Richardson
- Re: [Captive-portals] Thoughts/comments on draft-… Martin Thomson
- Re: [Captive-portals] Thoughts/comments on draft-… Roscoe, Alexander