Re: [dhcwg] AD sponsoring - draft-wkumari-dhc-capport-07

Ole Troan <otroan@employees.org> Fri, 23 January 2015 10:24 UTC

From: Ole Troan <otroan@employees.org>
In-Reply-To: <1C56356A-A644-4E6E-AACF-D50183F467A4@nominum.com>
Date: Fri, 23 Jan 2015 11:23:58 +0100
Message-Id: <D7CD39F9-217E-4C06-ACAE-68AF7CA024B1@employees.org>
References: <54A9B162.1040407@bogus.com> <1C56356A-A644-4E6E-AACF-D50183F467A4@nominum.com>
To: Ted Lemon <Ted.Lemon@nominum.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/Pab3S4A4DsrejxaOepa8AGAYT4k>
Cc: Joel Jaeggli <joelja@bogus.com>, "dhcwg@ietf.org" <dhcwg@ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>
Subject: Re: [dhcwg] AD sponsoring - draft-wkumari-dhc-capport-07

>> After some discussion last year, I have agreed to sponsor
>> draft-wkumari-dhc-capport
>> (https://tools.ietf.org/html/draft-wkumari-dhc-capport-07). What I'm
>> looking for feedback on right now is feedback from potential
>> implementors, either of client implementations of captive portal
>> detection or captive portals as to:
>> 
>> * Whether or not this represents a reasonable optimization,
>> 
>> * Have we gotten the security considerations right?
>> 
>> * Would you use it if there was general consensus to the approach.
> 
> I haven't seen any responses to this.  I don't expect you'll see any "we would use this" responses, and you shouldn't predicate this work on seeing any.   I think the idea is fine, although I think the requirement that the URI use an address literal is unnecessary.   If the implementor wants to do that, they can, or they can just only answer DNS queries for the local domain until the user authenticates.   They'd have to do that to support the redirect anyway.
> 
> I think the document has way too much explanatory text.   It's good that it's there for now so that people can understand the problem that this draft purports to solve, but it should not be in the final version.   Just explain how to use DHCP and ND to send this option (I think supporting it in ND is worthwhile, because DHCP isn't really very useful in an IPv6 hotspot environment).
> 
> It would be nice to talk about ways to authenticate this, e.g. PKI or DNSSEC certs.
> 
> I think you should run it by some people with HTTP fu to make sure that you haven't missed any obvious gaps, and of course run it by somebody with HTTP security fu to make sure there aren't any security flaws that need to be addressed.
> 
> I would not object to you AD-sponsoring this.   It's not in-charter for DHC, nor for 6man.   You should get it reviewed in both places, not just in DHC.
> 
> You may find section 5.7 of RFC 7227 useful: it would be good to make sure that your use of the DHCP URI option format meshes with what RFC 7227 does.   I didn't notice a problem, but didn't look all that carefully.

is this needed when you have 802.11u?

does it conflict with, or should it be integrated with, the prefix properties in http://tools.ietf.org/html/draft-lepape-6man-prefix-metadata-00 ?

what's this proposal's relationship with MIF's PVDs?

cheers,
Ole