Re: [mif] declaring interface 'up', with WiFi DNS/HTTP interception (login) proxies [was RE: DNS selection with HE-MIF]

Michael Richardson <mcr+ietf@sandelman.ca> Fri, 08 February 2013 13:49 UTC

>>>>> "Keith" == Keith Moore <moore@network-heretics.com> writes:
    >> For MIF -- not just HE-MIF, but all of MIF -- we should not
    >> declare an interface "up" until such a validation succeeds.  It
    >> is unfortunate this is not solved at layer 2, where it arguably
    >> belongs.

    Keith> Would it be worthwhile for MIF to start making a list of
    Keith> things that really need solutions elsewhere?  Even if there
    Keith> are hacks or heuristics that are used in the absence of such
    Keith> solutions?

Yes.

In the portal case, we need a DHCP "login required" message.
It would be nice if we also had a BCP on how to signal and upgrade
from HTTP login to some DHCP EAP, perhaps using an EAP-TLS resume
from the HTTP session state.  This would permit captive portals to
recognize re-logins.

-- 
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works