Network Working Group                                         P. Pfister
Internet-Draft                                                     Cisco
Intended status: Standards Track                                T. Pauly
Expires: January 1, 2019                                      Apple Inc.
                                                           June 30, 2018


         Using Provisioning Domains for Captive Portal Discovery
                       draft-pfister-capport-pvd-00

Abstract

   Devices that connect to Captive Portals need a way to identify that
   the network is restricted and discover a method for opening up
   access.  This document defines how to use Provisioning Domain
   Additional Information to discover a Captive Portal API URI.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 1, 2019.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Captive Portal URI Option
   3.  Client Behavior
   4.  Security Considerations
   5.  IANA Considerations
   6.  Acknowledgements
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Authors' Addresses

1.  Introduction

   The Captive Portal Architecture [I-D.ietf-capport-architecture]
   defines the interaction model for how client devices (also referred
   to as User Equipment) interact with a network that is restricted and
   requires explicit user interaction to allow a device to access the
   Internet.  The first step of this process involves a Provisioning
   Service communicating with the User Equipment to indicate that the
   network is captive, and how to get out of captivity.

   The key piece of information that the Provisioning Service provides
   is the URI of a JSON-based API that allows the User Equipment to
   interact with the captive portal.  This API is specified in
   [I-D.ietf-capport-api].

   This document defines the mechanism for using Provisioning Domain
   (PvD) Additional Information as the Captive Portal Provisioning
   Service.

   A PvD defines a consistent and usable set of network configurations
   [RFC7556].  A Captive Network is one example of a PvD that has unique
   properties that a device needs to be aware of when presenting
   networks to generic applications.  Naming specific PvDs and
   presenting a set of Additional Information for a PvD is defined in
   [I-D.ietf-intarea-provisioning-domains].

2.  Captive Portal URI Option

   The Additional Information fetched for a PvD is presented as JSON.
   This document defines a new key to be used to identify the Captive
   Portal API URI.
   As specified in [I-D.ietf-capport-api], this URI MUST have an "https"
   scheme.

   JSON Key:  captive-api

   Description:  URI of Captive Portal API

   Type:  UTF-8 string [RFC3629]

   Example:  "https://captive.example.com/api"

3.  Client Behavior

   When a client device that supports PvDs attaches to a network, it
   will discover whether there are one or more named PvDs on the network
   with a Router Advertisement as specified in
   [I-D.ietf-intarea-provisioning-domains].  If the PvD indicates that
   it has Additional Information, the client device SHOULD fetch the
   Additional Information prior to allowing the PvD to be used for
   generic network access, in case the network is restricted or captive.

   If the Additional Information contains the "captive-api" key, then
   the client device can interact with the Captive Portal API before
   proceeding with using the network.  If the Additional Information
   does not contain the "captive-api" key, then the client SHOULD assume
   that the network is not captive, and proceed with using the network.

   If the PvD indicates that it has no Additional Information, the
   client device SHOULD assume that the network is not captive, and
   proceed with using the network.

   It is possible that a misconfigured network will provide a named PvD
   without explicitly marking the captive option, while still
   restricting network access and providing a Captive Portal.  In this
   case, connections made by the client device may be blocked or
   redirected, as occurs in a captive network in which there is no
   explicit provisioning.

4.  Security Considerations

   The Captive Portal PvD option is subject to the same security
   considerations as any other options provisioned via Router
   Advertisements and Explicit Provisioning Domains.  This information
   should not be used by client devices to trust the safety or security
   of a network attachment.

5.  IANA Considerations

   This document adds a new key to the "Additional Information PvD Keys"
   defined in [I-D.ietf-intarea-provisioning-domains].  See Section 2
   for the new key definition.

6.  Acknowledgements

   Thanks to contributions from Eric Vyncke, Mark Townsley, David
   Schinazi, and Kyle Larose.

7.  References

7.1.  Normative References

   [I-D.ietf-capport-api]
              Pauly, T. and D. Thakore, "Captive Portal API",
              draft-ietf-capport-api-00 (work in progress),
              February 2018.

   [I-D.ietf-intarea-provisioning-domains]
              Pfister, P., Vyncke, E., Pauly, T., Schinazi, D., and W.
              Shao, "Discovering Provisioning Domain Names and Data",
              draft-ietf-intarea-provisioning-domains-02 (work in
              progress), June 2018.

   [RFC3629]  Yergeau, F., "UTF-8, a transformation format of ISO
              10646", STD 63, RFC 3629, DOI 10.17487/RFC3629,
              November 2003.

   [RFC7556]  Anipko, D., Ed., "Multiple Provisioning Domain
              Architecture", RFC 7556, DOI 10.17487/RFC7556,
              June 2015.

7.2.  Informative References

   [I-D.ietf-capport-architecture]
              Larose, K. and D. Dolson, "CAPPORT Architecture",
              draft-ietf-capport-architecture-02 (work in progress),
              June 2018.

Authors' Addresses

   Pierre Pfister
   Cisco
   11 Rue Camille Desmoulins
   Issy-les-Moulineaux  92130
   France

   Email: pierre.pfister@darou.fr


   Tommy Pauly
   Apple Inc.
   One Apple Park Way
   Cupertino, California  95014
   United States of America

   Email: tpauly@apple.com
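
   The client decision in Section 3, combined with the "https"
   requirement in Section 2, as an added example that is not part of
   this draft.  The names evaluate_pvd and Verdict, and the handling of
   an unparsable document or a non-"https" value, are assumptions of
   the example; the draft does not specify them.

```python
import json
from enum import Enum
from urllib.parse import urlsplit

class Verdict(Enum):
    ASSUME_NOT_CAPTIVE = 1  # proceed with using the network
    USE_CAPTIVE_API = 2     # interact with the Captive Portal API first
    REJECT_URI = 3          # key present but unusable (assumed handling)

def evaluate_pvd(has_additional_info, additional_info_json=None):
    """Section 3 decision for one PvD; returns (Verdict, uri or None).

    Neither result says anything about whether the attachment is safe:
    the JSON is untrusted input provisioned by the network.
    """
    if not has_additional_info:
        return Verdict.ASSUME_NOT_CAPTIVE, None
    try:
        info = json.loads(additional_info_json)
    except (TypeError, ValueError):
        # Assumption: an unparsable document is handled like a missing key.
        return Verdict.ASSUME_NOT_CAPTIVE, None
    if not isinstance(info, dict) or "captive-api" not in info:
        return Verdict.ASSUME_NOT_CAPTIVE, None
    uri = info["captive-api"]
    if not isinstance(uri, str):
        return Verdict.REJECT_URI, None      # Type is a UTF-8 string
    try:
        parts = urlsplit(uri)
    except ValueError:                       # e.g. malformed IPv6 literal
        return Verdict.REJECT_URI, None
    # Section 2: the URI MUST have an "https" scheme; a host is also required.
    if parts.scheme != "https" or not parts.hostname:
        return Verdict.REJECT_URI, None
    return Verdict.USE_CAPTIVE_API, uri

# Constructed Additional Information documents, not captured from a network.
SAMPLES = {
    "captive": '{"captive-api": "https://captive.example.com/api"}',
    "plain-http": '{"captive-api": "http://captive.example.com/api"}',
    "no-key": '{}',
    "wrong-type": '{"captive-api": 42}',
}

if __name__ == "__main__":
    print("no additional info:", evaluate_pvd(False)[0].name)
    for label, doc in SAMPLES.items():
        verdict, uri = evaluate_pvd(True, doc)
        print(f"{label}: {verdict.name} {uri or ''}")
```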