Re: [dhcwg] "captive portal" issues addressed ?
liu dapeng <maxpassion@gmail.com> Thu, 08 March 2012 03:45 UTC
2012/3/8, =JeffH <Jeff.Hodges@kingsmountain.com>:
> > What is(are) the "captive portal" issue(s) and how does this address it?
>
> from <https://en.wikipedia.org/wiki/Captive_portal> [0] ..
>
> "The captive portal technique forces an HTTP client on a network to see a
> special web page (usually for authentication purposes) before using the
> Internet normally. A captive portal turns a Web browser into an
> authentication device.[1] This is done by intercepting all packets,
> regardless of address or port, until the user opens a browser and tries to
> access the Internet. At that time the browser is redirected to a web page
> which may require authentication and/or payment, or simply display an
> acceptable use policy and require the user to agree. Captive portals are
> used at many Wi-Fi hotspots, and can be used to control wired access (e.g.
> apartment houses, hotel rooms, business centers, "open" Ethernet jacks) as
> well."
>
> The wikipedia article lists some of the more common approaches, as well as
> outlines limitations.
>
> The main issue is that "There is more than one way to implement a captive
> portal." Thus they all end up working a bit differently, and there's also
> conflicts with end-to-end security such as HTTP Strict Transport Security

You can refer to WISPr for web portal based authentication:
http://en.wikipedia.org/wiki/WISPr

Regards,
-Dapeng Liu

> (HSTS), e.g. if one's browser will only use TLS/SSL to contact some website
> you use to attempt to get the captive portal page to load in your browser,
> but the captive portal you're behind doesn't use TLS, and doesn't pass it
> through, you end up just sitting there with a hung browser, unless you
> think of some other website to try to contact that is not HTTPS-only.
>
> There's been various modest attempts in the IETF to standardize something
> that addresses captive portals, e.g. draft-nottingham-http-portal-02 [1],
> superseded by section 6.1 "The 511 Status Code and Captive Portals" of
> draft-nottingham-http-new-status-04 [2].
>
> Then there's also the Microsoft Windows use of DHCP option 252 [3] in "Web
> Proxy Autodiscovery Protocol (WPAD)", which is not fully standardized, and
> has some spotty coverage (outside of the Microsoft world), AFAICT [4, 5].
> WPAD was a work item of the WREC (Web Replication and Caching) working
> group (WG), which morphed into the WEBI (Web Intermediaries) WG. The two
> serial WG's produced two "Informational" RFCs before disbanding [6, 7], as
> well as this I-D [8] (I haven't reviewed all of them in detail, tho they
> don't mention the term "captive portal").
>
> HTH,
>
> =JeffH
>
>
> [0] Captive portal
>     https://en.wikipedia.org/wiki/Captive_portal
>
> [1] The Network Authentication Required HTTP Status Code
>     https://tools.ietf.org/html/draft-nottingham-http-portal
>
> [2] Additional HTTP Status Codes
>     https://tools.ietf.org/html/draft-nottingham-http-new-status
>
> [3] Dynamic Host Configuration Protocol (DHCP) and Bootstrap Protocol
>     (BOOTP) Parameters
>     http://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xml
>
> [4] Web Proxy Autodiscovery Protocol (WPAD)
>     https://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol
>
> [5] RE: Auto-detect in Firefox with a wpad file??? - 15.Apr.2009 6:27:28 AM
>     http://forums.isaserver.org/fb.aspx?m=2002085031
>
>     Better Proxy Settings… Bluecoat, wpad, proxy.pac & dhcp option 252
>     http://www.linickx.com/960/better-proxy-settings-bluecoat-wpad-proxypac-dhcp-option-252
>
>     DHCP, 'wpad' option 252 (Apple Support Communities)
>     https://discussions.apple.com/thread/2309560?start=0&tstart=0
>
>     Microsoft Internet Security and Acceleration Server 2004
>     Automatic Discovery for Firewall and Web Proxy Clients
>     http://technet.microsoft.com/en-us/library/cc713344.aspx
>
> [6] Internet Web Replication and Caching Taxonomy
>     https://tools.ietf.org/html/rfc3040
>
> [7] Known HTTP Proxy/Caching Problems
>     https://tools.ietf.org/html/rfc3143
>
> [8] Known HTTP Proxy/Caching Problems
>     https://tools.ietf.org/id/draft-ietf-wrec-known-prob-03.txt
>
> ---
> end
>
>
> _______________________________________________
> dhcwg mailing list
> dhcwg@ietf.org
> https://www.ietf.org/mailman/listinfo/dhcwg
>

--
------
Best Regards,
Dapeng Liu