Re: [mif] declaring interface 'up', with WiFi DNS/HTTP interception (login) proxies [was RE: DNS selection with HE-MIF]
Alexandru Petrescu <alexandru.petrescu@gmail.com> Fri, 08 February 2013 17:12 UTC
Return-Path: <alexandru.petrescu@gmail.com>
X-Original-To: mif@ietfa.amsl.com
Delivered-To: mif@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 27D6021F8B70 for <mif@ietfa.amsl.com>; Fri, 8 Feb 2013 09:12:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.213
X-Spam-Level:
X-Spam-Status: No, score=-10.213 tagged_above=-999 required=5 tests=[AWL=0.036, BAYES_00=-2.599, HELO_EQ_FR=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U3gV2tBN3z13 for <mif@ietfa.amsl.com>; Fri, 8 Feb 2013 09:12:16 -0800 (PST)
Received: from cirse-out.extra.cea.fr (cirse-out.extra.cea.fr [132.167.192.142]) by ietfa.amsl.com (Postfix) with ESMTP id 63D7521F8A7B for <mif@ietf.org>; Fri, 8 Feb 2013 09:12:16 -0800 (PST)
Received: from pisaure.intra.cea.fr (pisaure.intra.cea.fr [132.166.88.21]) by cirse.extra.cea.fr (8.14.2/8.14.2/CEAnet-Internet-out-2.3) with ESMTP id r18HCFJH015563 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for <mif@ietf.org>; Fri, 8 Feb 2013 18:12:15 +0100
Received: from muguet1.intra.cea.fr (muguet1.intra.cea.fr [132.166.192.6]) by pisaure.intra.cea.fr (8.14.4/8.14.4) with ESMTP id r18HCEtO030127 for <mif@ietf.org>; Fri, 8 Feb 2013 18:12:15 +0100 (envelope-from alexandru.petrescu@gmail.com)
Received: from [127.0.0.1] (is010446-4.intra.cea.fr [10.8.33.116]) by muguet1.intra.cea.fr (8.13.8/8.13.8/CEAnet-Intranet-out-1.2) with ESMTP id r18HCA4Q003753 for <mif@ietf.org>; Fri, 8 Feb 2013 18:12:14 +0100
Message-ID: <511531EA.7060507@gmail.com>
Date: Fri, 08 Feb 2013 18:12:10 +0100
From: Alexandru Petrescu <alexandru.petrescu@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20130107 Thunderbird/17.0.2
MIME-Version: 1.0
To: mif@ietf.org
References: <0f2e01ce0556$6698cf60$33ca6e20$@cisco.com> <5113E9EF.5090400@network-heretics.com> <20067.1360331334@sandelman.ca>
In-Reply-To: <20067.1360331334@sandelman.ca>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
Subject: Re: [mif] declaring interface 'up', with WiFi DNS/HTTP interception (login) proxies [was RE: DNS selection with HE-MIF]
X-BeenThere: mif@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Multiple Interface Discussion List <mif.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mif>, <mailto:mif-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mif>
List-Post: <mailto:mif@ietf.org>
List-Help: <mailto:mif-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mif>, <mailto:mif-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Feb 2013 17:12:17 -0000
Le 08/02/2013 14:48, Michael Richardson a écrit : > >>>>>> "Keith" == Keith Moore <moore@network-heretics.com> >>>>>> writes: >>> For MIF -- not just HE-MIF, but all of MIF -- we should not >>> declare an interface "up" until such a validation succeeds. It >>> is unfortunate this is not solved at layer 2, where it arguably >>> belongs. > > Keith> Would it be worthwhile for MIF to start making a list of > Keith> things that really need solutions elsewhere? Even if there > Keith> are hacks or heuristics that are used in the absence of such > Keith> solutions? > > Yes. > > In the portal case, we need a DHCP "login required" message. YEs, tool useful. Or an ARP reply message which could carry same "login required". This could be sent by the default router to the Client when it presents its MAC address. Rather ARP than DHCP because the end effect of the portal authentication is the opening of a firewall filter which is based on the MAC address. ARP is at the same level. > It would be nice if we also had a BCP on how to signal and upgrade > From HTTP login to some DHCP EAP, perhaps using a EAP-TLS resume > From the HTTP session state. This would permit captive portals to > recognize re-logins. Same with ARP... Alex > > > > _______________________________________________ mif mailing list > mif@ietf.org https://www.ietf.org/mailman/listinfo/mif >
- [mif] declaring interface 'up', with WiFi DNS/HTT… Dan Wing
- Re: [mif] declaring interface 'up', with WiFi DNS… Keith Moore
- Re: [mif] declaring interface 'up', with WiFi DNS… Ivancic, William D. (GRC-RHN0)
- Re: [mif] declaring interface 'up', with WiFi DNS… Michael Richardson
- Re: [mif] declaring interface 'up', with WiFi DNS… Brian E Carpenter
- Re: [mif] declaring interface 'up', with WiFi DNS… Alexandru Petrescu
- Re: [mif] declaring interface 'up', with WiFi DNS… Marc Blanchet
- Re: [mif] declaring interface 'up', with WiFi DNS… GangChen
- Re: [mif] declaring interface 'up', with WiFi DNS… Hui Deng