IETF Logo Mail Archive

Re: [Captive-portals] option 160 conflict

"Bernie Volz (volz)" <volz@cisco.com> Fri, 20 December 2019 22:53 UTC

Return-Path: <volz@cisco.com>
X-Original-To: captive-portals@ietfa.amsl.com
Delivered-To: captive-portals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2FDD612081C for <captive-portals@ietfa.amsl.com>; Fri, 20 Dec 2019 14:53:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=ivi4Y+7m; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=voVNwLyV
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id havaxJUNMwKH for <captive-portals@ietfa.amsl.com>; Fri, 20 Dec 2019 14:53:30 -0800 (PST)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 07ECE1200C1 for <captive-portals@ietf.org>; Fri, 20 Dec 2019 14:53:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=12206; q=dns/txt; s=iport; t=1576882410; x=1578092010; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=QoqNt6B759t3YKqaHe7OHF7bL0PKwjxIAX7JmBcym14=; b=ivi4Y+7mV/Ay9vdphtdSGqHlXitQoxIuBtMAg+AvrbMgcj0OWqrnduu2 pLiJcfxT4QOqXW31rJXP5DyrNtc5PgEJ9kP08AS6lcrRig/YNNozYsY1D 7GChfGvgdLn4UUa5N7jXitPEZ4f5HU8o3aJFyYqe5B0STDILlTtqY+RdI k=;
IronPort-PHdr: 9a23:gGG/ERUpKbdlRW0v/UbgD+WBF+jV8LGuZFwc94YnhrRSc6+q45XlOgnF6O5wiEPSANiJ8OpK3uzRta2oGXcN55qMqjgjSNRNTFdEwd4TgxRmBceEDUPhK/u/cSs+DuxJVURu+DewNk0GUMs=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DoAQD1T/1d/5hdJa1bChsBAQEBAQEBBQEBAREBAQMDAQEBgXyBTSknBWxYIAQLKgqDfYNGA4p1gl+YCIJSA1QJAQEBDAEBGA0IAgEBgUyCL0UCF4IFJDgTAgMNAQEEAQEBAgEFBG2FNwyFXgEBAQEBAQEBARAGCxEMAQEmBgsBCwQCAQgRBAEBAQICJgICAiULFQgIAgQOBQgMBweDAYJGAw4gAQIMoHsCgTiIYXWBMoJ+AQEFgTUBAwICDEGDHBiCDAMGgQ4ojBkaggBmK0eBTn4+gmQBAQEBAQGBNBUJDxWCeTKCLI0jEggGNoI/iBmVTHQKgjSHMoU7iUaBWJQ9hECXI5ICAgQCBAUCDgEBBYFpIoFYcBU7gmxQGA2NEgwXgQQBCIJDhRSFP3QBgSePRIEvATBfAQE
X-IronPort-AV: E=Sophos;i="5.69,337,1571702400"; d="scan'208";a="406019632"
Received: from rcdn-core-1.cisco.com ([173.37.93.152]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 20 Dec 2019 22:53:29 +0000
Received: from XCH-ALN-003.cisco.com (xch-aln-003.cisco.com [173.36.7.13]) by rcdn-core-1.cisco.com (8.15.2/8.15.2) with ESMTPS id xBKMrTIB002471 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 20 Dec 2019 22:53:29 GMT
Received: from xhs-rcd-001.cisco.com (173.37.227.246) by XCH-ALN-003.cisco.com (173.36.7.13) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 20 Dec 2019 16:53:28 -0600
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 20 Dec 2019 16:53:27 -0600
Received: from NAM10-BN7-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Fri, 20 Dec 2019 17:53:27 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lfAubYquqPMm+KrMaM+gblUIq4eCjlrwwA+eCj81X+zpIPtxwoX9eBidSwnHfh7QLAIuTusCQOi/NZ3bI3QWnudSC0Z4bwe4C0Vn1/4LWpBrAXPCypXZWrqMspEUzcd7NjXcNXNHod+InZiIasR2tjaK5ioZVXHGpa1cGJuZcMntscySP+ksrMy0ITSi1nnFrIXWHoyN3QPNkLlmd5mFQF5FmOKUkVqYOKaEX7jcECFVLwXJPVi0yVfG3eQjqSdOm/iyr+WvQZbIpaq96ZMnjWgrioqRf4Cq1KfHi7+TjUH9BK5q3UdKMy8AzAnqRLFREPPwpdtUxE5kx9IljIsfEQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QoqNt6B759t3YKqaHe7OHF7bL0PKwjxIAX7JmBcym14=; b=TWdXscfTDCvVpLrUp2zTPJWm6kDl+nPXq/S7ECu40jyVcvr6yVSnS8MguM9axUd3mO97avT6rJKciGF2wWM36CtGLxy7IkBcLaa+85WYjiShCiM5a3/CufoPAURyr0tpAtPxDlYh+vWwW+oQAk+/tcssQ44cGB88fxvpKw4Beh61UI1wT37MIoBvE/ZAAiw0GrIC9RPWINCSei7bwst3tfBV7QhlcXbC11B32fE83rmt7yNKCiySSicnfO3PYEXD7iQgnbUNH1nCQRZc9WNJSYA0DWZtle2w0f/Uq2Ix41IyyI4LfjyBvIirF4vdVEiC6i4kELgB3jkp+Wp4a1eTig==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QoqNt6B759t3YKqaHe7OHF7bL0PKwjxIAX7JmBcym14=; b=voVNwLyVXvBhxHuKTipQkT94Fou4v8ADB0Nr90quw1JAHnrbKzwzN5m7+EGWNRuQuUk2OyKIoIohp935X0F5qnm17xfIEAM4YdhDylWQwPeSpjw2kMNCCAlQLcT/lv68Wqro+yjxanKDWI9Jk0hdjZ13/dOwvhTZFKxo84FmOwo=
Received: from DM6PR11MB4137.namprd11.prod.outlook.com (20.176.126.158) by DM6PR11MB3050.namprd11.prod.outlook.com (20.177.220.88) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2559.16; Fri, 20 Dec 2019 22:53:25 +0000
Received: from DM6PR11MB4137.namprd11.prod.outlook.com ([fe80::4194:dade:1d47:2678]) by DM6PR11MB4137.namprd11.prod.outlook.com ([fe80::4194:dade:1d47:2678%6]) with mapi id 15.20.2538.022; Fri, 20 Dec 2019 22:53:25 +0000
From: "Bernie Volz (volz)" <volz@cisco.com>
To: Warren Kumari <warren@kumari.net>
CC: Michael Richardson <mcr+ietf@sandelman.ca>, "captive-portals@ietf.org" <captive-portals@ietf.org>
Thread-Topic: [Captive-portals] option 160 conflict
Thread-Index: AQHVtuDGm7BHqa7w/UedxE47kzlMkafDJrTwgAAn1oCAAEvtAA==
Date: Fri, 20 Dec 2019 22:53:25 +0000
Message-ID: <DM6PR11MB4137AEA878279A39A4C5E6BBCF2D0@DM6PR11MB4137.namprd11.prod.outlook.com>
References: <CAFU7BARZsgP_B+PvAdc1nKrypukBb1sJv8PU1Nq-vPipHG6h9w@mail.gmail.com> <30673.1574666680@dooku.sandelman.ca> <DM6PR11MB41370A13C93D12CA569A13D2CF450@DM6PR11MB4137.namprd11.prod.outlook.com> <15823.1574863018@dooku.sandelman.ca> <DM6PR11MB4137A09CC0527175C8F11EEDCF440@DM6PR11MB4137.namprd11.prod.outlook.com> <18576.1574927790@dooku.sandelman.ca> <CAHw9_iLOqTeY-zos50y_knwg4jtS4d608wDJatQF_XFLFwK8Wg@mail.gmail.com> <DM6PR11MB4137D61D3EC43B7133559509CF2D0@DM6PR11MB4137.namprd11.prod.outlook.com> <CAHw9_i+09y0D9AX9FXnym8fLHZsAnvBB2ef-43LWKiEoSY2P1Q@mail.gmail.com>
In-Reply-To: <CAHw9_i+09y0D9AX9FXnym8fLHZsAnvBB2ef-43LWKiEoSY2P1Q@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=volz@cisco.com;
x-originating-ip: [173.38.117.77]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: d4a5c825-67f8-40a7-28a0-08d7859f6c26
x-ms-traffictypediagnostic: DM6PR11MB3050:
x-microsoft-antispam-prvs: <DM6PR11MB30507C3D889182484D357BD1CF2D0@DM6PR11MB3050.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:2803;
x-forefront-prvs: 025796F161
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(376002)(366004)(39860400002)(136003)(396003)(199004)(189003)(13464003)(26005)(478600001)(8676002)(6506007)(81156014)(186003)(81166006)(4326008)(8936002)(6916009)(53546011)(966005)(66476007)(64756008)(66556008)(66446008)(66946007)(9686003)(52536014)(86362001)(5660300002)(55016002)(76116006)(33656002)(316002)(2906002)(7696005)(71200400001)(54906003); DIR:OUT; SFP:1101; SCL:1; SRVR:DM6PR11MB3050; H:DM6PR11MB4137.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: KHrXdIix4tq3dteB3ueziEQVRwoH4wAFktvsLIttlEnJr9xsAlmrEDX7inWbK5YDH3nyqOO+LlKsIK671+jObF4Ty+lDAPcRdkVqEG+kXu3stpZXly+Z6un5AblT1HPfNgRTeVyhQNMtqEMgdslkz4/qUK8VMWCCPRSVePlhkPktA5wjZMmepKbbmAN6gasZCtB9vtrXktAFLMXd10wnSqKNqeBtDGBsn4DZuAPciqOqjutbXY00rxp877FpFYEvIcKlvPhZXVx4rlDD2ZKa/ahwtOytSvEr9vebnK/ws3i4h9LwaKvV65fWzYB/T3zVnvCJnqBa2CxnSRV2YGqbogV7OS+NKiRYscOB74+Oi2n5OV0bwogVMWaIsx2V3CwDIMUOUdsWnfXufRfoYlQA6OudBzpcZg2vvP6gBeyAxGQHgSIhWnlU8C8XpNhZFY48MIG0KLf+ZBBCSv4pRG5nUltLs9zmz5aTlO7n5pOINRIGbjUfrjSiiFtunbcMANw6tVITdO7r1fFz6IHsjVQUS0Xyi4s/F4NlUTOJd5YmKvQ=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: d4a5c825-67f8-40a7-28a0-08d7859f6c26
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Dec 2019 22:53:25.5020 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: GnSwtY8LTjBzmATQbCf+6yfwgm1VynV9jYzmFr52FKZ0NRnAyY8aXqM2VW1bN9ud
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB3050
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.13, xch-aln-003.cisco.com
X-Outbound-Node: rcdn-core-1.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/yQVNrafui4o4fAhAYGuCfeJ2Q7I>
Subject: Re: [Captive-portals] option 160 conflict
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Dec 2019 22:53:33 -0000

Hi:

To me with just a quick glance at the bis document, it seems that the option format has not changed and still contains the same information.

I don't really know what pain there has been with the 160 conflict (in terms of what interoperability issues it has created, etc.) so it is difficult for me to judge whether asking for a new option code is worth it or not. 

I see that:
1) It would not really remove the overlap for a long while (until all of the clients that used the "old" 160 Capport option are upgraded). So, devices will still need to deal with it for a long while.
2) It creates additional problems as new clients likely need to request both and prefer the new one over the old 160. As it could also be a while until servers in the field are upgraded (software and configuration). And, since this URI might be long, servers without special handling would return both which could cause MTU issues. (See below *).
3) When, if ever, could you stop supporting the old option? I guess a server operator could take a survey, but if there are these phones around, they may still request it and would the operator be able to tell the difference?

Certainly you would not need a new one for v6!

I would also suggest looking to see if there is a way for servers to potentially distinguish whether the device asking is a Polycom option vs a Capport option - at least then you could add text that suggests servers might want to solve this problem by having a way to distinguish the two options to send the correct one. For example, many devices will send a class id option (60) to identify the device class and this could potentially be used.

Finally, it would good if Polycom moved away from using option 160 - perhaps by moving to a Vendor-Identifying option (see RFC3925). But that also has the same issues as mentioned above since probably both the old and new vendor identifying would have to be used -- but that also helps in servers determining whether it is a Polycom device or not asking for option 160.

Sadly, there's no really great solution to this issue. We did push to request those that hijacked options to report them, but we obviously didn't reach everyone and perhaps this also is much more recent than that earlier work.

* (From see below above) - One solution might be to use the new option code just to signal to the server that "hey, the 160 option I was asking for is the Capport Option". Kind of an odd way of doing it, but avoids the issue of bloating the response packets from the server. For support, it requires special processing on the server. In any case, you might want to raise this to the DHC WG as perhaps others may have some suggestions as to how best to handle this.

- Bernie

-----Original Message-----
From: Warren Kumari <warren@kumari.net> 
Sent: Friday, December 20, 2019 12:52 PM
To: Bernie Volz (volz) <volz@cisco.com>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>; captive-portals@ietf.org
Subject: Re: [Captive-portals] option 160 conflict

On Fri, Dec 20, 2019 at 10:44 AM Bernie Volz (volz) <volz@cisco.com> wrote:
>
> I think the list at https://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml is more complete and it is the "authoritative" list?

Ah, yes, that is (clearly) the authoritative source, but what I didn't realize (honestly, because I didn't look :-)) was that it also included known unauthorized uses.

>
> The only entry at the link you provided that doesn't seem to be in the IANA page is 252, but that is in the "Reserved (Private Use)" range so would not conflict (with IANA assignments, though could if privately used for multiple purposes). But, it is possible I missed something.

Nope, you didn't miss anything - I got over-excited finding that list, and didn't bother checking the IANA list...

>
> Note also that the IANA page lists the multiple uses, if we were notified that there are several uses of an option code.
>
> Also, if you have details on what else option 160 is used for (a bit more than just "Polycom"), it would be useful to know as I can request IANA to add that usage to the table - just so people are aware that there could be issues in the field.

Will do - Singapore is all a bit of a blur at this point, but apparently Polycom started using 160 "in order to avoid issues in environments where option 66 was already used by other VoIP phones from different manufacturers.", and also "LYNC SKU Polycom VVX phone it will use Option 161 instead to ensure a mix of phones can be used."
(https://community.polycom.com/t5/VoIP-SIP-Phones/DHCP-Standardization-160-vs-66/td-p/72577
- Standardization: "You Keep Using That Word, I Do Not Think It Means What You Think It Means") -- this is all clearly somewhat of a mess, and will need more research, but apparently the option contains a URI for fetching provisioning info, which contains stuff like if the phone should auto-answer, etc...

>
> While I don't think it makes sense to change the option code in a published RFC (as that likely would create even more confusion), if you did, codes <128 are "safer" as they were always in the range that was managed by IANA (however, that did not prevent someone from using without going through IETF processes).

Yup - we have RFC7710, which uses Option 160. We are currently working on / almost done with RFC7710bis ( https://datatracker.ietf.org/doc/draft-ietf-capport-rfc7710bis/ ) which fixes (and obsoletes) some stupidity in RFC7710 -- we were considering asking for a new code when draft-ietf-capport-rfc7710bis is published (so this would be part of a new document, not withdrawing and republishing just for this issue).
I've helped run a number of conference networks (one of the uses for
RFC7710 / draft-ietf-capport-rfc7710bis), and have often seen Polycom's in use - as "nah, you can't use your conference phone at our conference" is likely not a tenable position, do you think we should request that we get a <128 option when we publish draft-ietf-capport-rfc7710bis ?

W


>
> - Bernie
>
> -----Original Message-----
> From: Warren Kumari <warren@kumari.net>
> Sent: Thursday, December 19, 2019 9:53 PM
> To: Michael Richardson <mcr+ietf@sandelman.ca>; Bernie Volz (volz) 
> <volz@cisco.com>
> Cc: captive-portals@ietf.org
> Subject: Re: [Captive-portals] option 160 conflict
>
> On Thu, Nov 28, 2019 at 2:56 AM Michael Richardson <mcr+ietf@sandelman.ca> wrote:
> >
> >
> > Bernie Volz (volz) <volz@cisco.com> wrote:
> >     > The issue with the 128-254 option range is that they were, originally,
> >     > site-specific options (i.e., available for use within a site). However,
> >     > many vendors hijacked them. And, when we reassigned much of this range
> >     > to the IANA assigned options pool, the vendors failed to request a more
> >     > permanent assignment for their option use. I suspect though that you
> >     > are well aware of that entire process
> >     > (https://tools.ietf.org/html/rfc3942).
> >
> >     > I don't know when Polycom decided to use this 160 option as RFC3942
> >     > dates back to November 2004.
> >
> > This explains a lot about why we conflicted on option 160, and that 
> > perhaps we shouldn't have been so upset.
> >
>
>
> Reviving an old thread -- I was one of the people a: who was super-annoyed by this and b: helping run the CAPPORT experiment at IETF106, where we discovered the issue.
>
> Having had some time to reflect on this, and with the history lesson from Bernie, I am leaning towards the "Meh, we should just stick with Option 160" stance...
>
> We *could* ask for a new one in the -bis, and I suspect that e.g 169 won't be as "polluted", but I might be wrong, and it might be as bad or worse....
>
> Here is a random PDF of known usages - 
> https://link.springer.com/content/pdf/bbm%3A978-1-4302-2773-1%2F1.pdf
> -- does anyone have a more complete list?
>
> W
>
> > It seems to me that DHC WG has to help IANA avoid conflicts like 
> > this in the future.
> >
> > --
> > Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works 
> > -= IPv6 IoT consulting =-
> >
> >
> >
> > _______________________________________________
> > Captive-portals mailing list
> > Captive-portals@ietf.org
> > https://www.ietf.org/mailman/listinfo/captive-portals
>
>
>
> --
> I don't think the execution is relevant when it was obviously a bad idea in the first place.
> This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants.
>    ---maf



--
I don't think the execution is relevant when it was obviously a bad idea in the first place.
This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants.
   ---maf

v2.23.0 | Report a Bug | By Email