Re: [media-types] Notice of intended registration of "application/captive+json"

"Florent Viard (Sodria)" <florent@sodria.com> Wed, 15 April 2020 17:47 UTC

From: "Florent Viard (Sodria)" <florent@sodria.com>
Date: Wed, 15 Apr 2020 19:27:13 +0200
To: Darshak Thakore <d.thakore@cablelabs.com>
Cc: "media-types@iana.org" <media-types@iana.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/media-types/afsUnKCQDSFmDcFlbnNuyk-LAOw>

Hi,

I don't understand why you want to use (/register) a specific
application/captive+json and not simply application/json.
From what I can see in the specification, you are not using that as a
"specific" file in itself.
It is just a standard JSON reply to a standard request without added value.

Regarding the capport-api, I don't know where the relevant place would be
for me to submit some remarks.
But I will take advantage of this email to list a few of them that I have.
It is nice to attempt to fix the "captive portal" situation but I think
there are a few things that could be improved.
1) There should probably be the current API version inside the reply (JSON)
2) There could probably be more fields that would be useful:
- network access when "captive" (i.e. before login): restricted, lan, wan,
internet
- network access when no longer captive (after login): restricted, lan,
wan, internet
- If the network is restricted to using a specific DNS server, and in that
case its address
3) MOST Important: You can't force HTTPS/TLS for such a usage!
- Most of the time, it will be embedded consumer devices that can't
easily get a domain name and certificate.
- Client devices might not already be on a correct date/time, with updated
root certificates, as they might never have connected to the internet without a
captive portal first.
- In the end, the captive portal can give you access to an internal network
that is not connected to the internet
- As the client device will have no internet/DNS connection before being
authorized by the portal, the captive-portal server will probably be
targeted by IP address and not domain name.
(cf. RFC7710)
- I guess it will be the role of the "UX" to warn the user of the dangers
before doing any action if no TLS is available.
Also:
- This rule was designed against man-in-the-middle attacks impersonating the
captive-portal.
But, in small structures that would not be able to offer TLS, we can assume
that if we are behind a captive-portal,
it is this captive portal that is in control of the network and the only
one in a position to do man-in-the-middle.

Regards,

Florent


On Wed, Apr 1, 2020 at 3:19 PM Darshak Thakore <d.thakore@cablelabs.com>
wrote:

> As per Section 5.1 of RFC 6838, we wish to notify the list of the intended
> registration of a new media type in the standards track document
> https://tools.ietf.org/html/draft-ietf-capport-api-06.
>
>
>
> Comments and feedback welcome.
>
>
>
> Regards,
>
> Darshak