Re: [secdir] Secdir review of draft-wkumari-dhc-capport-13

Warren Kumari <warren@kumari.net> Wed, 08 July 2015 15:29 UTC

[ Off-list ]

On Tue, Jul 7, 2015 at 3:47 AM, Hannes Tschofenig
<Hannes.Tschofenig@arm.com> wrote:
> I have reviewed this document as part of the security directorate's effort
> to review all IETF documents being processed by the IESG.
>
> These comments were written primarily for the benefit of the security area
> directors.  Document editors and WG chairs should treat these comments just
> like any other last call comment.
>


Thank you for the review....


> This document communicates the presence of a captive portal in a WiFi
> network using DHCP and RAs.
>
> Recommendation:  Ready
>
> The motivation of the document makes sense, namely to avoid interception of
> traffic, and the document is an easy extension to already available
> mechanisms (RA/DHCP). I was expecting to see a reference to Hotspot 2.0,
> which aims to make the interaction between hotspot providers and end devices
> more intelligent (but covers a much larger scope).

I originally had this as an editor's note:
https://github.com/wkumari/draft-wkumari-dhc-capport/blob/de293471faef562517978b709aaca762d1d78dbe/README.md

"[ Ed note: This solution is somewhat similar / complements 802.11u /
   WiFi Passpoint Online Sign-up, but is much simpler, easier to deploy,
   and works on wired as well ]
"

I spent some time looking at the Hotspot 2.0 stuff, but after slogging
through much 4 color glossy type material it seemed that it more
allowed you to use different roaming providers / snap a RADIUS
connection back to another provider. I even spent some $$$ on
purchasing a spec, which I found largely unintelligible.
So, I decided to remove the vague / editorial note... :-)

If you happen to have any suggested text I'm happy to stick it in...


> Minor nit:
>
> In Section 4 you write:
>
> “This document defines two DHCP Captive-Portal options, one for IPv6
>    and one for IPv6.”
>
> It should of course read “…, one for IPv4 and one for IPv6.”


Thanks. I've fixed it in the editor version.

W

> Ciao
>
> Hannes
>



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf
