IETF Logo Mail Archive

Re: [Doh] [EXTERNAL] Re: Captive portals (was Re: suggested slides for IETF 104 on draft-reid-doh-operator)

Daniel Stenberg <daniel@haxx.se> Fri, 15 March 2019 09:30 UTC

Return-Path: <daniel@haxx.se>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BAD96127887 for <doh@ietfa.amsl.com>; Fri, 15 Mar 2019 02:30:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FsMcbj0njPJr for <doh@ietfa.amsl.com>; Fri, 15 Mar 2019 02:30:52 -0700 (PDT)
Received: from giant.haxx.se (www.haxx.se [IPv6:2a00:1a28:1200:9::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 20DC61277DB for <doh@ietf.org>; Fri, 15 Mar 2019 02:30:51 -0700 (PDT)
Received: from giant.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id x2F9UlA2007491 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 15 Mar 2019 10:30:47 +0100
Received: from localhost (dast@localhost) by giant.haxx.se (8.15.2/8.15.2/Submit) with ESMTP id x2F9UkjI007479; Fri, 15 Mar 2019 10:30:46 +0100
X-Authentication-Warning: giant.haxx.se: dast owned process doing -bs
Date: Fri, 15 Mar 2019 10:30:46 +0100
From: Daniel Stenberg <daniel@haxx.se>
X-X-Sender: dast@giant.haxx.se
To: "Winfield, Alister" <Alister.Winfield@sky.uk>
cc: DoH WG <doh@ietf.org>
In-Reply-To: <E45A79F6-CB07-4DBF-BB8A-D75B3A7BC808@sky.uk>
Message-ID: <alpine.DEB.2.20.1903151028230.5797@tvnag.unkk.fr>
References: <A0E89D03-9D2D-462F-88F4-11824AC9A523@rfc1035.com> <0fce90e8-38ef-4503-8e52-0ef8c8d87f64@www.fastmail.com> <9B23961D-8D05-462C-A444-0139B354F171@rfc1035.com> <alpine.DEB.2.20.1903150903480.5797@tvnag.unkk.fr> <E45A79F6-CB07-4DBF-BB8A-D75B3A7BC808@sky.uk>
User-Agent: Alpine 2.20 (DEB 67 2015-01-07)
X-fromdanielhimself: yes
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/PziWmQOQdKQNeqw2xu_DAh487PE>
Subject: Re: [Doh] [EXTERNAL] Re: Captive portals (was Re: suggested slides for IETF 104 on draft-reid-doh-operator)
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Mar 2019 09:30:55 -0000

On Fri, 15 Mar 2019, Winfield, Alister wrote:

>    In those cases, some users have been known to fire up a *separate*
>    browser to resolve the captive situation as then the DoH-using browser
>    can come back to the living.
>
> This is obviously a technical user. Somewhat north of, I guess, 70% of 
> normal users would either give up or assume that their local service 
> provider can sort out the problem.

Which is why I don't think users who *might* end up in a captive portal should 
have DoH-without-fallback enabled unless they know perfectly well what they're 
doing and can get themselves out of it.

A DoH-without-fallback config has several other quirks as well with local host 
names etc that I doubt a lot of users will experience that without having 
asked for it themselves.

-- 

  / daniel.haxx.se

v2.23.0 | Report a Bug | By Email