Re: [Captive-portals] Requirements for "captive portal closed" notifications
Dave Dolson <ddolson@acm.org> Tue, 20 March 2018 15:39 UTC
Return-Path: <ddolson@golden.net>
X-Original-To: captive-portals@ietfa.amsl.com
Delivered-To: captive-portals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B45E126D74 for <captive-portals@ietfa.amsl.com>; Tue, 20 Mar 2018 08:39:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.65
X-Spam-Level:
X-Spam-Status: No, score=-1.65 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pPlA94xbjS8F for <captive-portals@ietfa.amsl.com>; Tue, 20 Mar 2018 08:39:47 -0700 (PDT)
Received: from smtp1.execulink.net (smtp1.execulink.net [69.63.44.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 87F5F126579 for <captive-portals@ietf.org>; Tue, 20 Mar 2018 08:39:47 -0700 (PDT)
Received: from 231-151.speede.golden.net ([216.59.231.151] helo=[192.168.123.13]) by smtp1.execulink.net with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.89) (envelope-from <ddolson@golden.net>) id 1eyJMY-00086d-7s for captive-portals@ietf.org; Tue, 20 Mar 2018 11:39:46 -0400
To: captive-portals@ietf.org
References: <CAKD1Yr3rP24jQ6sMpoXZ3pU02FmvwDNc9=w2oAh4bMWZmEtQ_A@mail.gmail.com>
From: Dave Dolson <ddolson@acm.org>
Message-ID: <44dfe037-6557-6acd-dd93-d2f109e44c79@golden.net>
Date: Tue, 20 Mar 2018 11:39:37 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <CAKD1Yr3rP24jQ6sMpoXZ3pU02FmvwDNc9=w2oAh4bMWZmEtQ_A@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------E4C49BE03611DA64204CB700"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/T0xF61hBMfdOnnAV1W3tuW8PFa0>
Subject: Re: [Captive-portals] Requirements for "captive portal closed" notifications
X-BeenThere: captive-portals@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-Post: <mailto:captive-portals@ietf.org>
List-Help: <mailto:captive-portals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:captive-portals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Mar 2018 15:39:49 -0000
I agree about viewing ICMP as a hint for the user equipment to visit the API. The UE should trust nothing in the ICMP message itself. And querying the API should be harmless (GET having no side-effects), aside from the load imposed on it. So we should say that the UE must rate-limit ICMP-triggered API visits. Example wording: "The UE MUST rate-limit ICMP-triggered API requests to once every 5s." We could get fancy with back-off retries, or allowing the API to specify the rate limit, but my main point is that the ICMP message does not require any sort of authentication if we make a spoofed message harmless. -Dave On 2018-03-20 11:29 AM, Lorenzo Colitti wrote: > Per discussion at the mike today on what we should do with the ICMP > unreachable draft - here are some properties I think are necessary in > a hint to the UE that the captive portal is closed. > > 1. The notification should not be easy to spoof. This is easiest to do > by making it a hint to the UE that it should talk to the API. > > * An ICMP message by itself is not secure. For example, it's trivial > for an off-path attacker to generate ICMP messages for sessions > from legitimate UEs to <popularwebsite>:443. Getting a UE to trust > such a message only requires getting the ephemeral port right, and > many OSes have a quite limited range of ephemeral ports. > * Tero points out that if we do want to secure such a message, then > we should not roll our own security but should use an existing, > secure protocol such as IPsec. > > > 2. It should be possible to send the notification *before* the captive > portal closes, to facilitate seamless connectivity. Ideally the user > should be able to re-up the captive portal without having to wait > until the network is dead or the device has switched to another network. > > 3. The notification should not be on a per-destination basis. A hint > that conveys the information "you can reach facebook, but to reach CNN > you need to upgrade to another service plan" is not technically > infeasible but is unlikely ever to reach WG and IETF consensus and > therefore I think we should not spend our time talking about it. > > 4. I'm not sure whether it's possible for the hint to be anything more > than a binary "you are or will very soon be captive". Saying things > like "an upgrade opportunity is available" may be hard to encode. > > Cheers, > Lorenzo > > > _______________________________________________ > Captive-portals mailing list > Captive-portals@ietf.org > https://www.ietf.org/mailman/listinfo/captive-portals
- [Captive-portals] Requirements for "captive porta… Lorenzo Colitti
- Re: [Captive-portals] Requirements for "captive p… Dave Dolson
- Re: [Captive-portals] Requirements for "captive p… David Bird
- Re: [Captive-portals] Requirements for "captive p… Lorenzo Colitti
- Re: [Captive-portals] Requirements for "captive p… David Bird
- Re: [Captive-portals] Requirements for "captive p… Lorenzo Colitti
- Re: [Captive-portals] Requirements for "captive p… David Bird
- Re: [Captive-portals] Requirements for "captive p… Pierre Pfister
- Re: [Captive-portals] Requirements for "captive p… Tero Kivinen
- Re: [Captive-portals] Requirements for "captive p… David Bird
- Re: [Captive-portals] Requirements for "captive p… David Bird
- Re: [Captive-portals] Requirements for "captive p… David Bird
- Re: [Captive-portals] Requirements for "captive p… Nicolas Mailhot
- Re: [Captive-portals] Requirements for "captive p… David Bird
- Re: [Captive-portals] Requirements for "captive p… Michael Richardson
- Re: [Captive-portals] Requirements for "captive p… Michael Richardson
- Re: [Captive-portals] Requirements for "captive p… David Bird
- Re: [Captive-portals] Requirements for "captive p… Tero Kivinen