Re: [dhcwg] "captive portal" issues addressed ?
=JeffH <Jeff.Hodges@KingsMountain.com> Wed, 07 March 2012 22:17 UTC
> What is(are) the "captive portal" issue(s) and how does this address it?

from <https://en.wikipedia.org/wiki/Captive_portal> [0] ..

"The captive portal technique forces an HTTP client on a network to see a special web page (usually for authentication purposes) before using the Internet normally. A captive portal turns a Web browser into an authentication device.[1] This is done by intercepting all packets, regardless of address or port, until the user opens a browser and tries to access the Internet. At that time the browser is redirected to a web page which may require authentication and/or payment, or simply display an acceptable use policy and require the user to agree. Captive portals are used at many Wi-Fi hotspots, and can be used to control wired access (e.g. apartment houses, hotel rooms, business centers, "open" Ethernet jacks) as well."

The Wikipedia article lists some of the more common approaches, as well as outlines limitations.

The main issue is that "There is more than one way to implement a captive portal." Thus they all end up working a bit differently, and there are also conflicts with end-to-end security such as HTTP Strict Transport Security (HSTS), e.g. if one's browser will only use TLS/SSL to contact some website you use to attempt to get the captive portal page to load in your browser, but the captive portal you're behind doesn't use TLS, and doesn't pass it through, you end up just sitting there with a hung browser, unless you think of some other website to try to contact that is not HTTPS-only.

There have been various modest attempts in the IETF to standardize something that addresses captive portals, e.g. draft-nottingham-http-portal-02 [1], superseded by section 6.1 "The 511 Status Code and Captive Portals" of draft-nottingham-http-new-status-04 [2].

Then there's also the Microsoft Windows use of DHCP option 252 [3] in "Web Proxy Autodiscovery Protocol (WPAD)", which is not fully standardized, and has some spotty coverage (outside of the Microsoft world), AFAICT [4, 5].

WPAD was a work item of the WREC (Web Replication and Caching) working group (WG), which morphed into the WEBI (Web Intermediaries) WG. The two serial WGs produced two "Informational" RFCs before disbanding [6, 7], as well as this I-D [8] (I haven't reviewed all of them in detail, tho they don't mention the term "captive portal").

HTH,

=JeffH

[0] Captive portal
    https://en.wikipedia.org/wiki/Captive_portal

[1] The Network Authentication Required HTTP Status Code
    https://tools.ietf.org/html/draft-nottingham-http-portal

[2] Additional HTTP Status Codes
    https://tools.ietf.org/html/draft-nottingham-http-new-status

[3] Dynamic Host Configuration Protocol (DHCP) and Bootstrap Protocol (BOOTP) Parameters
    http://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xml

[4] Web Proxy Autodiscovery Protocol (WPAD)
    https://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol

[5] RE: Auto-detect in Firefox with a wpad file??? - 15.Apr.2009 6:27:28 AM
    http://forums.isaserver.org/fb.aspx?m=2002085031

    Better Proxy Settings… Bluecoat, wpad, proxy.pac & dhcp option 252
    http://www.linickx.com/960/better-proxy-settings-bluecoat-wpad-proxypac-dhcp-option-252

    DHCP, 'wpad' option 252 (Apple Support Communities)
    https://discussions.apple.com/thread/2309560?start=0&tstart=0

    Microsoft Internet Security and Acceleration Server 2004 Automatic Discovery for Firewall and Web Proxy Clients
    http://technet.microsoft.com/en-us/library/cc713344.aspx

[6] Internet Web Replication and Caching Taxonomy
    https://tools.ietf.org/html/rfc3040

[7] Known HTTP Proxy/Caching Problems
    https://tools.ietf.org/html/rfc3143

[8] Known HTTP Proxy/Caching Problems
    https://tools.ietf.org/id/draft-ietf-wrec-known-prob-03.txt

---
end
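The message above contrasts an explicit 511 reply with the ad hoc interception techniques. As an added example, not part of the original message, here is a client-side classifier for the reply to a plain-HTTP connectivity probe (plain HTTP so that an HTTPS-only target cannot hang the check). The probe body, the portal.example hostname and the sample replies are constructed assumptions.

```python
# Added example: classify the raw reply to a plain-HTTP connectivity probe.
from email.parser import BytesParser

PROBE_BODY = b"probe-ok\n"  # assumed: the fixed body the client's own probe URL serves


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, _, header_block = head.partition(b"\r\n")
    status = int(status_line.split()[1])
    headers = BytesParser().parsebytes(header_block + b"\r\n\r\n", headersonly=True)
    return status, headers, body


def classify(raw: bytes) -> str:
    """Return 'open', 'portal-511', 'portal-redirect' or 'portal-rewrite'."""
    status, headers, body = parse_response(raw)
    if status == 511:
        # Explicit signal: the network itself says authentication is required.
        return "portal-511"
    if status in (301, 302, 303, 307, 308) and headers.get("Location"):
        # The probe URL never redirects, so this redirect was injected on path.
        return "portal-redirect"
    if status == 200 and body == PROBE_BODY:
        return "open"
    # A 200 with foreign content (or anything else unexpected) means the reply
    # was substituted; a non-browser client must not treat it as real data.
    return "portal-rewrite"


# Constructed sample replies, one per interception style.
SAMPLES = {
    "open": b"HTTP/1.1 200 OK\r\nContent-Length: 9\r\n\r\nprobe-ok\n",
    "portal-511": b"HTTP/1.1 511 Network Authentication Required\r\n"
                  b"Content-Type: text/html\r\n\r\n<html>Log in first</html>",
    "portal-redirect": b"HTTP/1.1 302 Found\r\n"
                       b"Location: http://portal.example/login\r\n\r\n",
    "portal-rewrite": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                      b"<html>Accept the terms of use</html>",
}

if __name__ == "__main__":
    for expected, raw in SAMPLES.items():
        print(expected, "->", classify(raw))
```

Only the 511 case is unambiguous to the client; the redirect and rewrite cases are recognised only because the client knows in advance what its own probe URL returns.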