Re: [dhcwg] "captive portal" issues addressed ?

=JeffH <Jeff.Hodges@KingsMountain.com> Wed, 07 March 2012 22:17 UTC

 > What is(are) the "captive portal" issue(s) and how does this address it?

from <https://en.wikipedia.org/wiki/Captive_portal> [0] ..

   "The captive portal technique forces an HTTP client on a network to see a 
special web page (usually for authentication purposes) before using the 
Internet normally. A captive portal turns a Web browser into an authentication 
device.[1] This is done by intercepting all packets, regardless of address or 
port, until the user opens a browser and tries to access the Internet. At that 
time the browser is redirected to a web page which may require authentication 
and/or payment, or simply display an acceptable use policy and require the user 
to agree. Captive portals are used at many Wi-Fi hotspots, and can be used to 
control wired access (e.g. apartment houses, hotel rooms, business centers, 
"open" Ethernet jacks) as well."

The Wikipedia article lists some of the more common approaches, as well as 
outlines limitations.

The main issue is that "There is more than one way to implement a captive 
portal."  Thus they all end up working a bit differently, and there are also 
conflicts with end-to-end security such as HTTP Strict Transport Security 
(HSTS), e.g. if one's browser will only use TLS/SSL to contact some website you 
use to attempt to get the captive portal page to load in your browser, but the 
captive portal you're behind doesn't use TLS, and doesn't pass it through, you 
end up just sitting there with a hung browser, unless you think of some other 
website to try to contact that is not HTTPS-only.

There have been various modest attempts in the IETF to standardize something that 
addresses captive portals, e.g. draft-nottingham-http-portal-02 [1], superseded 
by section 6.1 "The 511 Status Code and Captive Portals" of 
draft-nottingham-http-new-status-04 [2].

Then there's also the Microsoft Windows use of DHCP option 252 [3] in "Web 
Proxy Autodiscovery Protocol (WPAD)", which is not fully standardized, and has 
some spotty coverage (outside of the Microsoft world), AFAICT [4, 5]. WPAD was 
a work item of the WREC (Web Replication and Caching) working group (WG), which 
morphed into the WEBI (Web Intermediaries) WG. The two serial WGs produced two 
"Informational" RFCs before disbanding [6, 7], as well as this I-D [8]  (I 
haven't reviewed all of them in detail, tho they don't mention the term 
"captive portal").

HTH,

=JeffH


[0] Captive portal
     https://en.wikipedia.org/wiki/Captive_portal

[1] The Network Authentication Required HTTP Status Code
     https://tools.ietf.org/html/draft-nottingham-http-portal

[2] Additional HTTP Status Codes
     https://tools.ietf.org/html/draft-nottingham-http-new-status

[3] Dynamic Host Configuration Protocol (DHCP) and Bootstrap Protocol (BOOTP) Parameters
     http://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xml

[4] Web Proxy Autodiscovery Protocol (WPAD)
     https://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol

[5] RE: Auto-detect in Firefox with a wpad file??? - 15.Apr.2009 6:27:28 AM
     http://forums.isaserver.org/fb.aspx?m=2002085031

     Better Proxy Settings… Bluecoat, wpad, proxy.pac & dhcp option 252
     http://www.linickx.com/960/better-proxy-settings-bluecoat-wpad-proxypac-dhcp-option-252

     DHCP, 'wpad' option 252  (Apple Support Communities)
     https://discussions.apple.com/thread/2309560?start=0&tstart=0

     Microsoft Internet Security and Acceleration Server 2004
     Automatic Discovery for Firewall and Web Proxy Clients
     http://technet.microsoft.com/en-us/library/cc713344.aspx


[6] Internet Web Replication and Caching Taxonomy
     https://tools.ietf.org/html/rfc3040

[7] Known HTTP Proxy/Caching Problems
     https://tools.ietf.org/html/rfc3143

[8] Known HTTP Proxy/Caching Problems
     https://tools.ietf.org/id/draft-ietf-wrec-known-prob-03.txt

---
end
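
The detection problem described in the message above, as an added example that is not part of the original post: a client-side classifier for the response to a plain-HTTP connectivity probe, telling apart a portal that announces itself with the 511 status code from one that silently redirects or rewrites the page. The probe URL, expected body, host names and sample responses are constructed for illustration; the probe is plain HTTP because, as the message notes, an HTTPS-only site gives the portal nothing it can answer.

```python
from urllib.parse import urlsplit

PROBE_URL = "http://probe.example/check"  # hypothetical plain-HTTP probe (assumption)
EXPECTED_BODY = "OK"                      # hypothetical body the real probe host returns

def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body.decode("utf-8", "replace")

def classify(raw: bytes) -> str:
    """Decide what kind of network answered the probe."""
    status, headers, body = parse_response(raw)
    if status == 511:
        # The portal identifies itself; the body is its login page, not the origin's.
        return "portal-511"
    if 300 <= status < 400:
        target = urlsplit(headers.get("location", ""))
        if target.hostname and target.hostname != urlsplit(PROBE_URL).hostname:
            # Redirect to a different host: indistinguishable from a real origin redirect.
            return "portal-redirect"
        return "unknown"
    if status == 200:
        # A 200 with unexpected content means the page was replaced in flight.
        return "open" if body.strip() == EXPECTED_BODY else "portal-rewrite"
    return "unknown"

# Constructed sample responses, one per portal behaviour.
SAMPLES = {
    "explicit": b"HTTP/1.1 511 Network Authentication Required\r\n"
                b"Content-Type: text/html\r\n\r\n<html>login</html>",
    "redirect": b"HTTP/1.1 302 Found\r\n"
                b"Location: http://portal.example/login\r\n\r\n",
    "rewrite":  b"HTTP/1.1 200 OK\r\n\r\n<html>Please sign in</html>",
    "open":     b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nOK",
}

def classify_samples():
    return {name: classify(raw) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:9s} -> {verdict}")
```

Only the 511 case lets a non-browser client know the response did not come from the origin; the redirect and rewrite cases have to be inferred from a known-good expected answer.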