Re: [TLS] Captive portals, "access administratively disabled" and alert messages

Geoffrey Keating <geoffk@geoffk.org> Tue, 02 January 2018 22:29 UTC

Return-Path: <geoffk@geoffk.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3C8212D82D for <tls@ietfa.amsl.com>; Tue, 2 Jan 2018 14:29:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P-qgOgkgVd_P for <tls@ietfa.amsl.com>; Tue, 2 Jan 2018 14:29:39 -0800 (PST)
Received: from dragaera.releasedominatrix.com (dragaera.releasedominatrix.com [198.0.208.83]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C45571270AB for <tls@ietf.org>; Tue, 2 Jan 2018 14:29:39 -0800 (PST)
Received: by dragaera.releasedominatrix.com (Postfix, from userid 501) id 66A2E33D21B; Tue, 2 Jan 2018 22:29:39 +0000 (UTC)
Sender: geoffk@localhost.localdomain
To: =?utf-8?b?TWF0ZXVzeiBKb8WEY3p5aw==?= <mat.jonczyk@o2.pl>, tls@ietf.org
References: <096449a4-38fc-e17f-d995-a584f976b422@o2.pl> <CABcZeBOYH5sFszpTVbTyp8kYtmhqCX+_TJN9ofW5vuUMx50KRg@mail.gmail.com>
From: Geoffrey Keating <geoffk@geoffk.org>
Date: 02 Jan 2018 14:29:39 -0800
In-Reply-To: <CABcZeBOYH5sFszpTVbTyp8kYtmhqCX+_TJN9ofW5vuUMx50KRg@mail.gmail.com>
Message-ID: <m2vagjhp2k.fsf@localhost.localdomain>
Lines: 8
User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.4
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/FtWjD6EQltWmvRyTKgz9DgDpFfU>
Subject: Re: [TLS] Captive portals, "access administratively disabled" and alert messages
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jan 2018 22:29:41 -0000

Two problems with this proposal, that don't occur with the proposal
the capport WG is working on, are:

- What do you do if you get one of these alerts over multipath TCP?

- What happens if some site far away on the Internet sends you one of
  these alerts?  Perhaps because DNS was forged and hasn't timed out
  yet?