[Captive-portals] Notes from meeting
Martin Thomson <martin.thomson@gmail.com> Thu, 22 March 2018 19:58 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: captive-portals@ietfa.amsl.com
Delivered-To: captive-portals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D97F9124207 for <captive-portals@ietfa.amsl.com>; Thu, 22 Mar 2018 12:58:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eUADDHDVu10A for <captive-portals@ietfa.amsl.com>; Thu, 22 Mar 2018 12:57:59 -0700 (PDT)
Received: from mail-ot0-x231.google.com (mail-ot0-x231.google.com [IPv6:2607:f8b0:4003:c0f::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CBAFB120726 for <captive-portals@ietf.org>; Thu, 22 Mar 2018 12:57:59 -0700 (PDT)
Received: by mail-ot0-x231.google.com with SMTP id m7-v6so10839009otd.1 for <captive-portals@ietf.org>; Thu, 22 Mar 2018 12:57:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=gr3G7aOHAdc1sioP+a4IkktYc0hubWBS5crw+2vbhdU=; b=OlVTqDFwubnIdBQfSgoskO7iigNigOa89M1GEuOL5JEnG4SjqRNDGSUNhuv/FllHno 85myS05/Xm4rNjCq8sg1L0pdvxUq8j5hOWzjByLLWFsIVysdgjDH2n82WPAwvBVSNOlk zrrzpdyZ8POFRs3raLsXcPrfVDKaUW+zLlFUzurzycrALA/nPNrshhmtUODdTDEkIirX RyiUOpj0fm6SOHY/SMnSBebqCGuFH9+2iFhn6UWwpavDlhpQRuKn3d50jROlQ/741hoa Ro+arzuabtCvOXfj54pNEX7sgoIBlgJ/SWMekAwOGT10cZ2tZSnCIbbGySco/oSioesW vz8A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=gr3G7aOHAdc1sioP+a4IkktYc0hubWBS5crw+2vbhdU=; b=GtmvhCNw2higKSEFHmI2SgSTwxYowFz7RRhTZVlTK+gF/JA3/I9cKUfJ8il8ZvdQEn Z3HocsoTW2eYl8B1SUj2qoSgW5qqPsgFFAtRY61SjRJtvrwY5Fbq5F1byZ9W2LhVsp6X TtnG6HWG8e1izOpSGt1qZehB6v+O0r98+NrrLmgAKUWxiq9IVlucsiyTUsy3QDu+ESet XrXHqqYrkJIE/a/7UNwwLaQZ3XIfs6k3RbPD0/oZcj9sOFb3Ta/nODkz4a6gFXvl8Et6 8TMGT4iPI1e+CVuHUMQGkTsckwr6uYCjyH9ywqa3Rrh6W3uNJYXX+AIyHMFBPsSWpwy2 Zt0g==
X-Gm-Message-State: AElRT7Fw+brVdYI6Hf2qvIfb7TKRmxzQmZOvjSbp/tQiuBp2NW3a23yW cxeFeh5YJRbVICjQfdEtIFagcYcD1opaN94BfTMg1w==
X-Google-Smtp-Source: AG47ELsNV+j6cI3ToyOrWsiOL6lesVLusfSNuPAw+XUQY4rGbqq5lzvWtPMfoAT9L1pquWK6zuHco+ACV6DuANCnOLI=
X-Received: by 2002:a9d:2963:: with SMTP id d90-v6mr15529028otb.396.1521748678831; Thu, 22 Mar 2018 12:57:58 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a9d:ac7:0:0:0:0:0 with HTTP; Thu, 22 Mar 2018 12:57:57 -0700 (PDT)
Received: by 2002:a9d:ac7:0:0:0:0:0 with HTTP; Thu, 22 Mar 2018 12:57:57 -0700 (PDT)
From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 22 Mar 2018 19:57:57 +0000
Message-ID: <CABkgnnW5+7R_jYfRTryzS4Gcveha4f8pcYrjv_dK0X9cjy8x3g@mail.gmail.com>
To: captive-portals@ietf.org
Content-Type: multipart/alternative; boundary="000000000000708186056805b9fa"
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/vCGlMbmDH9YaQXMnPACIsWzjthE>
Subject: [Captive-portals] Notes from meeting
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Mar 2018 19:58:02 -0000
Taken on my phone Api Privacy : yes cache control Hmac key : do we need this if we don't have icmp? The icmp... Arch might define its existence but not the mechanics. Defer. Server auth: rsleevi says no must on OCSP, but maybe whitelist get on OCSP. Should is ok. If this fails, the api does not work and we get the existing behavior Talk about ux. Tommy suggests that this is a platform choice Media type bike shed: use one, editor choice Urls: Pierre says .wk opens the possibility of probing. Darshak says point to html OR api. PvD isn't a problem, just 7710. 7710 Warren is okay How does this relate to pvd? No option means no portal. 802.11u has a signal already. Kyle says this is generic. Tommy; the signals we have don't say that there is no block. Can we add pvd to this doc as well. Chairs will follow up. No conclusion on meaning of the url. Take to list. Arch Security is ok Identity - need to agree on type of id Enforcement device split considered.Kyle to take that to the list. Pierre: ue Id doesn't need to be known to the device Nick :we should be careful about the identifier and how hard it can be. Maybe describe how it might be insulated. Pierre: don't specify a specific type of id Advise against including pii in URIs maybe. Pvd cannot give the state. Pvd can't do per user, dynamic, or private Icmp Tero & Margaret :don't tweak destunreach. Do we need a new signal? Tommy can live without a signal. We should be careful not to DoS the api. Margaret : maybe we can use destunreach to trigger a check of the api. Lorenzo : anything spoofable cannot be more than a hint. Unsolicited messages are hard to secure. I want to know in advance. Warren : maybe a talk to me thing. Margaret : maybe icmp, maybe not destunreach Lorenzo to produce some requirements Chairs will confer, but tentative plan is to capture requirements and await someone making a proposal Darshak gave an overview of other network standardization in the area of network authentication Not in scope Parallel but not congruent Can you help us authenticate the ra? Like a security upgrade for the network, which would need 802 collaboration
- [Captive-portals] Notes from meeting Martin Thomson
- Re: [Captive-portals] Notes from meeting Erik Kline
- Re: [Captive-portals] Notes from meeting Erik Kline