[Strint-attendees] Captive Portal BoF, an invitation to STRINT Workshop folk...

Warren Kumari <warren@kumari.net> Tue, 30 June 2015 21:48 UTC

Return-Path: <warren@kumari.net>
X-Original-To: strint-attendees@lists.i1b.org
Received: from mail-ob0-f181.google.com (mail-ob0-f181.google.com [209.85.214.181]) by diego.dreamhost.com (Postfix) with ESMTP id 15E1048696 for <strint-attendees@lists.i1b.org>; Tue, 30 Jun 2015 14:48:27 -0700 (PDT)
Received: by obbkm3 with SMTP id km3so16002315obb.1 for <strint-attendees@lists.i1b.org>; Tue, 30 Jun 2015 14:48:26 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to :content-type; bh=bVJfEwgs4Ddmsm1jpJz8bkm4eaHHgfrxuyi0S3iEtss=; b=R/w1YdlYOFeRNzJ2ERJ8FpHhNLfdkbxfPlDra+YeU0GBfgOOByNwTBgAozupJ8Il2R dMwI/CHFwqZ/Ga6BAaFJcFHwpDqq9ZXCWanIa9MuOG0TtxRXYZi2/UJ6cHC6B+j2m2aX a4t2pSHgJqEX6CYLEKIq7K/gync5wspJyUDMelbzlWspRwnUiT7DDxLm6ETJbCxmkQ70 mzHAv2PrSGUATgDGAeBtELIc9gw3avdmi1bNeCgdSbf6zVOVnznLxtaXwZ9yVGEzDzLE S67Wl8yUkpiWSk7qhyBQ1cxd4kQ3W09YWsfXylEx4JWeNVWJV2MQMR50AmzKWVhJcpvS ozgw==
X-Gm-Message-State: ALoCoQnLrCT5DEAqaAK1BdkdK875p8fCDc73ddE7APwh27gGPhYO2aTUqG3osG9jz8b4nmpSXFgt
MIME-Version: 1.0
X-Received: by 10.202.45.23 with SMTP id t23mr6019040oit.110.1435700906101; Tue, 30 Jun 2015 14:48:26 -0700 (PDT)
Received: by 10.202.203.134 with HTTP; Tue, 30 Jun 2015 14:48:26 -0700 (PDT)
Date: Tue, 30 Jun 2015 17:48:26 -0400
Message-ID: <CAHw9_iLoYCKpRms8mFCk8zGk=+qS2y0OXVw7OntfTZYCaBMf1g@mail.gmail.com>
From: Warren Kumari <warren@kumari.net>
To: strint-attendees@lists.i1b.org
Content-Type: text/plain; charset=UTF-8
Subject: [Strint-attendees] Captive Portal BoF, an invitation to STRINT Workshop folk...
X-BeenThere: strint-attendees@lists.i1b.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: STRINT Workshop Discussion List <strint-attendees-i1b.org>
List-Unsubscribe: <http://lists.i1b.org/options.cgi/strint-attendees-i1b.org>, <mailto:strint-attendees-request@lists.i1b.org?subject=unsubscribe>
List-Archive: <http://lists.i1b.org/pipermail/strint-attendees-i1b.org/>
List-Post: <mailto:strint-attendees@lists.i1b.org>
List-Help: <mailto:strint-attendees-request@lists.i1b.org?subject=help>
List-Subscribe: <http://lists.i1b.org/listinfo.cgi/strint-attendees-i1b.org>, <mailto:strint-attendees-request@lists.i1b.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jun 2015 21:48:27 -0000

Dear STRINT workshop people,

There will be a BoF held at the IETF meeting in Prague to discuss
Captive Portals and designing a better way to interact with them.

Captive Portals have some STRINT / pervasive monitoring implications,
including the fact that many of the current captive portals
interception techniques that are indistinguishable from MitM
attacks[0].
Many of the protections that are being developed to mitigate pervasive
monitoring (e.g ubiquitous encryption, dprive, etc) break captive
portal's ability to intercept are redirect users to the payment page
-- unfortunately this leads to a poor user experience, and the user
disabling useful security features / blindly clicking "Accept" on
unknown TLS cert, etc. The sorts of information that Captive Portals
collect may also have privacy implications, etc.

Barry suggested that I reach out to you and invite you to come to the
BoF - it is called 'CAPtive PORTal interaction' (CAPPORT) and will be
meeting Wednesday Afternoon session II.

We also have a mailing list where we are discussing this:
https://www.ietf.org/mailman/listinfo/captive-portals

Sorry for the interruption,
W

[0]: Because they *are* MitM... :-)

-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf