| < draft-ietf-capport-rfc7710bis-00.txt | draft-ietf-capport-rfc7710bis-01.txt > | |||
|---|---|---|---|---|
| Network Working Group W. Kumari | Network Working Group W. Kumari | |||
| Internet-Draft Google | Internet-Draft Google | |||
| Updates: 7710 (if approved) E. Kline | Obsoletes: 7710 (if approved) E. Kline | |||
| Intended status: Standards Track Loon | Intended status: Standards Track Loon | |||
| Expires: January 3, 2020 July 2, 2019 | Expires: July 15, 2020 January 12, 2020 | |||
| Captive-Portal Identification in DHCP / RA | Captive-Portal Identification in DHCP / RA | |||
| draft-ietf-capport-rfc7710bis-00 | draft-ietf-capport-rfc7710bis-01 | |||
| Abstract | Abstract | |||
| In many environments offering short-term or temporary Internet access | In many environments offering short-term or temporary Internet access | |||
| (such as coffee shops), it is common to start new connections in a | (such as coffee shops), it is common to start new connections in a | |||
| captive portal mode. This highly restricts what the customer can do | captive portal mode. This highly restricts what the customer can do | |||
| until the customer has authenticated. | until the customer has authenticated. | |||
| This document describes a DHCP option (and a Router Advertisement | This document describes a DHCP option (and a Router Advertisement | |||
| (RA) extension) to inform clients that they are behind some sort of | (RA) extension) to inform clients that they are behind some sort of | |||
| skipping to change at page 1, line 48 ¶ | skipping to change at page 1, line 48 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on January 3, 2020. | This Internet-Draft will expire on July 15, 2020. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2020 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 1.1. Requirements Notation . . . . . . . . . . . . . . . . . . 3 | 1.1. Requirements Notation . . . . . . . . . . . . . . . . . . 3 | |||
| 2. The Captive-Portal Option . . . . . . . . . . . . . . . . . . 3 | 2. The Captive-Portal Option . . . . . . . . . . . . . . . . . . 3 | |||
| 2.1. IPv4 DHCP Option . . . . . . . . . . . . . . . . . . . . 4 | 2.1. IPv4 DHCP Option . . . . . . . . . . . . . . . . . . . . 4 | |||
| 2.2. IPv6 DHCP Option . . . . . . . . . . . . . . . . . . . . 4 | 2.2. IPv6 DHCP Option . . . . . . . . . . . . . . . . . . . . 4 | |||
| 2.3. The Captive-Portal IPv6 RA Option . . . . . . . . . . . . 5 | 2.3. The Captive-Portal IPv6 RA Option . . . . . . . . . . . . 5 | |||
| 3. The Captive-Portal Link Relation Type . . . . . . . . . . . . 6 | 3. Precedence of API URIs . . . . . . . . . . . . . . . . . . . 6 | |||
| 4. Precedence of API URIs . . . . . . . . . . . . . . . . . . . 6 | 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | 4.1. IETF params Registration . . . . . . . . . . . . . . . . 6 | |||
| 5.1. IETF params Registration . . . . . . . . . . . . . . . . 6 | 4.1.1. Registry name: Captive Portal Unrestricted Identifier 6 | |||
| 5.1.1. Registry name: Captive Portal Unrestricted Identifier 6 | 4.2. BOOTP Vendor Extensions and DHCP Options Code Change . . 6 | |||
| 5.1.2. Registry name: Captive Portal API Link Relation Type 7 | 5. Security Considerations . . . . . . . . . . . . . . . . . . . 7 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 7 | 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 | 7. Normative References . . . . . . . . . . . . . . . . . . . . 8 | |||
| 8. Normative References . . . . . . . . . . . . . . . . . . . . 8 | Appendix A. Changes / Author Notes. . . . . . . . . . . . . . . 10 | |||
| Appendix A. Changes / Author Notes. . . . . . . . . . . . . . . 9 | Appendix B. Changes from RFC 7710 . . . . . . . . . . . . . . . 10 | |||
| Appendix B. Changes from RFC 7710 . . . . . . . . . . . . . . . 9 | Appendix C. Observations From IETF 106 Network Experiment . . . 10 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 1. Introduction | 1. Introduction | |||
| In many environments, users need to connect to a captive-portal | In many environments, users need to connect to a captive-portal | |||
| device and agree to an Acceptable Use Policy (AUP) and / or provide | device and agree to an Acceptable Use Policy (AUP) and / or provide | |||
| billing information before they can access the Internet. It is | billing information before they can access the Internet. It is | |||
| anticipated that the IETF will work on a more fully featured protocol | anticipated that the IETF will work on a more fully featured protocol | |||
| at some point, to ease interaction with Captive Portals. Regardless | at some point, to ease interaction with Captive Portals. Regardless | |||
| of how that protocol operates, it is expected that this document will | of how that protocol operates, it is expected that this document will | |||
| provide needed functionality because the client will need to know | provide needed functionality because the client will need to know | |||
| skipping to change at page 3, line 35 ¶ | skipping to change at page 3, line 35 ¶ | |||
| The Captive Portal DHCP / RA Option informs the client that it may be | The Captive Portal DHCP / RA Option informs the client that it may be | |||
| behind a captive portal and provides the URI to access an API as | behind a captive portal and provides the URI to access an API as | |||
| defined by [draft-ietf-capport-api]. This is primarily intended to | defined by [draft-ietf-capport-api]. This is primarily intended to | |||
| improve the user experience by getting them to the captive portal | improve the user experience by getting them to the captive portal | |||
| faster and more reliably. Note that, for the foreseeable future, | faster and more reliably. Note that, for the foreseeable future, | |||
| captive portals will still need to implement the interception | captive portals will still need to implement the interception | |||
| techniques to serve legacy clients, and clients will need to perform | techniques to serve legacy clients, and clients will need to perform | |||
| probing to detect captive portals. | probing to detect captive portals. | |||
| Clients that support the Captive Portal DHCP option SHOULD include | ||||
| the option in the Parameter Request List in DHCPREQUEST messages. | ||||
| DHCP servers MAY send the Captive Portal option without any explicit | ||||
| request. | ||||
| In order to support multiple "classes" of clients (e.g. IPv4 only, | In order to support multiple "classes" of clients (e.g. IPv4 only, | |||
| IPv6 only with DHCPv6 ([RFC3315]), IPv6 only with RA) the captive | IPv6 only with DHCPv6 ([RFC3315]), IPv6 only with RA) the captive | |||
| portal can provide the URI via multiple methods (IPv4 DHCP, IPv6 | portal can provide the URI via multiple methods (IPv4 DHCP, IPv6 | |||
| DHCP, IPv6 RA). The captive portal operator should ensure that the | DHCP, IPv6 RA). The captive portal operator SHOULD ensure that the | |||
| URIs handed out are equivalent to reduce the chance of operational | URIs handed out are equivalent to reduce the chance of operational | |||
| problems. The maximum length of the URI that can be carried in IPv4 | problems. The maximum length of the URI that can be carried in IPv4 | |||
| DHCP is 255 bytes, so URIs longer than 255 bytes should not be used | DHCP is 255 bytes, so URIs longer than 255 bytes should not be used | |||
| in IPv6 DHCP or IPv6 RA. | in IPv6 DHCP or IPv6 RA. | |||
| In all variants of this option, the URI MUST be that of the captive | In all variants of this option, the URI MUST be that of the captive | |||
| portal API endpoint, conforming to the recommendations for such URIs | portal API endpoint, conforming to the recommendations for such URIs | |||
| [cite:API] (i.e. the URI SHOULD contain a DNS name and SHOULD | [draft-ietf-capport-api] (i.e. the URI SHOULD contain a DNS name and | |||
| reference a secure transport, e.g. https). | SHOULD reference a secure transport, e.g. https). | |||
| A captive portal MAY redirect requests that do not have an Accept | A captive portal MAY redirect requests that do not have an Accept | |||
| header field ([RFC7231] Section 5.3) containing a field item whose | header field ([RFC7231] Section 5.3) containing a field item whose | |||
| content-type is "application/capport+json" to the URL conveyed in the | content-type is "application/capport+json" to the URL conveyed in the | |||
| "user-portal-url" API key. When performing such content negotiation | "user-portal-url" API key. When performing such content negotiation | |||
| ([RFC7231] Section 3.4), captive portals need to keep in mind that | ([RFC7231] Section 3.4), captive portals need to keep in mind that | |||
| such responses might be cached, and therefore SHOULD include an | such responses might be cached, and therefore SHOULD include an | |||
| appropriate Vary header field ([RFC7231] Section 7.1.4) or mark them | appropriate Vary header field ([RFC7231] Section 7.1.4) or mark them | |||
| explicitly uncacheable (for example, using Cache-Control: no-store | explicitly uncacheable (for example, using Cache-Control: no-store | |||
| [RFC7234] Section 5.2.2.3). | [RFC7234] Section 5.2.2.3). | |||
| skipping to change at page 4, line 23 ¶ | skipping to change at page 4, line 28 ¶ | |||
| without application/capport+json listed explicitly anywhere within an | without application/capport+json listed explicitly anywhere within an | |||
| Accept header vis. [RFC7231] section 5.3). In so doing, the captive | Accept header vis. [RFC7231] section 5.3). In so doing, the captive | |||
| portal SHOULD redirect the client to the value associated with the | portal SHOULD redirect the client to the value associated with the | |||
| "user-portal-url" API key. | "user-portal-url" API key. | |||
| The URI SHOULD NOT contain an IP address literal. The URI parameter | The URI SHOULD NOT contain an IP address literal. The URI parameter | |||
| is not null terminated. | is not null terminated. | |||
| Networks with no captive portals MAY explicitly indicate this | Networks with no captive portals MAY explicitly indicate this | |||
| condition by using this option with the IANA-assigned URI for this | condition by using this option with the IANA-assigned URI for this | |||
| purpose (see Section 5.1.1). Clients observing the URI value | purpose (see Section 4.1.1). Clients observing the URI value | |||
| "urn:ietf:params:capport-unrestricted" MAY forego time-consuming | "urn:ietf:params:capport-unrestricted" MAY forego time-consuming | |||
| forms of captive portal detection. | forms of captive portal detection. | |||
| 2.1. IPv4 DHCP Option | 2.1. IPv4 DHCP Option | |||
| The format of the IPv4 Captive-Portal DHCP option is shown below. | The format of the IPv4 Captive-Portal DHCP option is shown below. | |||
| Code Len Data | Code Len Data | |||
| +------+------+------+------+------+-- --+-----+ | +------+------+------+------+------+-- --+-----+ | |||
| | code | len | URI ... | | | code | len | URI ... | | |||
| skipping to change at page 6, line 5 ¶ | skipping to change at page 6, line 5 ¶ | |||
| Type 37 | Type 37 | |||
| Length 8-bit unsigned integer. The length of the option (including | Length 8-bit unsigned integer. The length of the option (including | |||
| the Type and Length fields) in units of 8 bytes. | the Type and Length fields) in units of 8 bytes. | |||
| URI The URI for the captive portal API endpoint to which the user | URI The URI for the captive portal API endpoint to which the user | |||
| should connect. This MUST be padded with NULL (0x00) to make the | should connect. This MUST be padded with NULL (0x00) to make the | |||
| total option length (including the Type and Length fields) a | total option length (including the Type and Length fields) a | |||
| multiple of 8 bytes. | multiple of 8 bytes. | |||
| 3. The Captive-Portal Link Relation Type | 3. Precedence of API URIs | |||
| Some captive portal network deployments may be unable to change, or | ||||
| unwilling to risk changing, the network infrastructure necessary to | ||||
| use any of the above options. In such deployments, when clear text | ||||
| HTTP intercept and redirection are used, a Link relation header | ||||
| ([RFC8288], Section 3.3) MAY be inserted to convey to a HTTP client | ||||
| (user agent) the associated Captive Portal API URI. | ||||
| HTTP user agents MUST ignore this link relation in any context other | ||||
| than when explicitly probing to detect the presence of a captive | ||||
| portal. Failure to do so could allow an attacker to inject a Captive | ||||
| Portal API URI other than the correct URI for a given network or for | ||||
| networks where there is no captive portal present at all. | ||||
| 4. Precedence of API URIs | ||||
| A device may learn about Captive Portal API URIs through more than | A device may learn about Captive Portal API URIs through more than | |||
| one of (or indeed all of) the above options. It is a network | one of (or indeed all of) the above options. It is a network | |||
| configuration error if the learned URIs are not all identical. | configuration error if the learned URIs are not all identical. | |||
| However, if the URIs learned are not in fact all identical the | However, if the URIs learned are not in fact all identical the | |||
| captive device MUST prioritize URIs learned from network provisioning | captive device MUST prioritize URIs learned from network provisioning | |||
| or configuration mechanisms before all other URIs. Specifically, | or configuration mechanisms before all other URIs. Specifically, | |||
| URIs learned via any of the options in Section 2 should take | URIs learned via any of the options in Section 2 should take | |||
| precedence over any URI learned via a mechanism like the one | precedence over any URI learned via some other mechanism, such as a | |||
| described in Section 3. | redirect. | |||
| If the URIs learned via more than one option described in Section 2 | If the URIs learned via more than one option described in Section 2 | |||
| are not all identical, this condition should be logged for the device | are not all identical, this condition should be logged for the device | |||
| owner or administrator. URI precedence in this situation is not | owner or administrator. URI precedence in this situation is not | |||
| specified by this document. | specified by this document. | |||
| 5. IANA Considerations | 4. IANA Considerations | |||
| This document requests two new IETF URN protocol parameter | This document requests two new IETF URN protocol parameter | |||
| ([RFC3553]) entries. | ([RFC3553]) entries. This document also requests a reallocation of | |||
| DHCPv4 option codes (see Appendix C for background). | ||||
| Thanks IANA! | Thanks IANA! | |||
| 5.1. IETF params Registration | 4.1. IETF params Registration | |||
| 5.1.1. Registry name: Captive Portal Unrestricted Identifier | 4.1.1. Registry name: Captive Portal Unrestricted Identifier | |||
| Registry name: Captive Portal Unrestricted Identifier | Registry name: Captive Portal Unrestricted Identifier | |||
| URN: urn:ietf:params:capport-unrestricted | URN: urn:ietf:params:capport-unrestricted | |||
| Specification: RFC TBD (this document) | Specification: RFC TBD (this document) | |||
| Repository: RFC TBD (this document) | Repository: RFC TBD (this document) | |||
| Index value: Only one value is defined (see URN above). No hierarchy | Index value: Only one value is defined (see URN above). No hierarchy | |||
| is defined and therefore no sub-namespace registrations are possible. | is defined and therefore no sub-namespace registrations are possible. | |||
| 5.1.2. Registry name: Captive Portal API Link Relation Type | 4.2. BOOTP Vendor Extensions and DHCP Options Code Change | |||
| Registry name: Captive Portal API Link Relation Type | ||||
| URN: urn:ietf:params:capport-api | [ RFC Ed: Please remove before publication: RFC7710 uses DHCP Code | |||
| 160 -- unfortunately, it was discovered that this option code is | ||||
| already widely used by Polycom (see appendix). Option 114 (URL) is | ||||
| currently assigned to Apple (RFC3679, Section 3.2.3 - Contact: Dieter | ||||
| Siegmund, dieter@apple.com - Reason to recover: Never published in an | ||||
| RFC) Tommy Pauly (Apple) and Dieter Siegmund confirm that this | ||||
| codepoint hasn't been used, and Apple is willing to relinquish it for | ||||
| use in CAPPORT. Please see thread: | ||||
| https://mailarchive.ietf.org/arch/msg/captive-portals/ | ||||
| TmqQz6Ma_fznD3XbhwkH9m2dB28 for more background. ] | ||||
| Specification: RFC TBD (this document) | The IANA is requested to update the "BOOTP Vendor Extensions and DHCP | |||
| Options" registry (https://www.iana.org/assignments/bootp-dhcp- | ||||
| parameters/bootp-dhcp-parameters.xhtml) as follows. | ||||
| Repository: RFC TBD (this document) | Tag: 114 | |||
| Name: DHCP Captive-Portal | ||||
| Data Length: N | ||||
| Meaning: DHCP Captive-Portal | ||||
| Reference: [THIS-RFC] | ||||
| Index value: Only one value is defined (see URN above). No hierarchy | Tag: 160 | |||
| is defined and therefore no sub-namespace registrations are possible. | Name: REMOVED/Unassigned | |||
| Data Length: | ||||
| Meaning: | ||||
| Reference: [RFC7710][Deprecated] | ||||
| 6. Security Considerations | 5. Security Considerations | |||
| An attacker with the ability to inject DHCP messages, RAs, or HTTP | An attacker with the ability to inject DHCP messages or RAs could | |||
| headers into cleartext HTTP communications could include an option or | include an option from this document to force users to contact an | |||
| link relation from this document and so force users to contact an | ||||
| address of his choosing. As an attacker with this capability could | address of his choosing. As an attacker with this capability could | |||
| simply list himself as the default gateway (and so intercept all the | simply list himself as the default gateway (and so intercept all the | |||
| victim's traffic); this does not provide them with significantly more | victim's traffic); this does not provide them with significantly more | |||
| capabilities, but because this document removes the need for | capabilities, but because this document removes the need for | |||
| interception, the attacker may have an easier time performing the | interception, the attacker may have an easier time performing the | |||
| attack. As the operating systems and application that make use of | attack. As the operating systems and application that make use of | |||
| this information know that they are connecting to a captive-portal | this information know that they are connecting to a captive-portal | |||
| device (as opposed to intercepted connections) they can render the | device (as opposed to intercepted connections) they can render the | |||
| page in a sandboxed environment and take other precautions, such as | page in a sandboxed environment and take other precautions, such as | |||
| clearly labeling the page as untrusted. The means of sandboxing and | clearly labeling the page as untrusted. The means of sandboxing and | |||
| skipping to change at page 8, line 22 ¶ | skipping to change at page 8, line 25 ¶ | |||
| validation, VPNs, etc. In addition, because the system knows that it | validation, VPNs, etc. In addition, because the system knows that it | |||
| is behind a captive portal, it can know not to send cookies, | is behind a captive portal, it can know not to send cookies, | |||
| credentials, etc. By handing out a URI using which is protected with | credentials, etc. By handing out a URI using which is protected with | |||
| TLS, the captive portal operator can attempt to reassure the user | TLS, the captive portal operator can attempt to reassure the user | |||
| that the captive portal is not malicious. | that the captive portal is not malicious. | |||
| Operating systems should conduct all interactions with the API in a | Operating systems should conduct all interactions with the API in a | |||
| sand-boxed environment and with a configuration that minimizes | sand-boxed environment and with a configuration that minimizes | |||
| tracking risks. | tracking risks. | |||
| 7. Acknowledgements | 6. Acknowledgements | |||
| This document is a -bis of RFC7710. Thanks to all of the original | This document is a -bis of RFC7710. Thanks to all of the original | |||
| authors (Warren Kumari, Olafur Gudmundsson, Paul Ebersman, Steve | authors (Warren Kumari, Olafur Gudmundsson, Paul Ebersman, Steve | |||
| Sheng), and original contributors. | Sheng), and original contributors. | |||
| Also thanks to the CAPPORT WG for all of the discussion and | Also thanks to the CAPPORT WG for all of the discussion and | |||
| improvements. | improvements including contributions and review from Lorenzo Colitti, | |||
| Remi Nguyen Van, and Tommy Pauly. | ||||
| 8. Normative References | 7. References | |||
| 7.1. Normative References | ||||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, <https://www.rfc- | DOI 10.17487/RFC2119, March 1997, <https://www.rfc- | |||
| editor.org/info/rfc2119>. | editor.org/info/rfc2119>. | |||
| [RFC2131] Droms, R., "Dynamic Host Configuration Protocol", | [RFC2131] Droms, R., "Dynamic Host Configuration Protocol", | |||
| RFC 2131, DOI 10.17487/RFC2131, March 1997, | RFC 2131, DOI 10.17487/RFC2131, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2131>. | <https://www.rfc-editor.org/info/rfc2131>. | |||
| skipping to change at page 9, line 35 ¶ | skipping to change at page 9, line 40 ¶ | |||
| [RFC7234] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, | [RFC7234] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, | |||
| Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching", | Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching", | |||
| RFC 7234, DOI 10.17487/RFC7234, June 2014, | RFC 7234, DOI 10.17487/RFC7234, June 2014, | |||
| <https://www.rfc-editor.org/info/rfc7234>. | <https://www.rfc-editor.org/info/rfc7234>. | |||
| [RFC7710] Kumari, W., Gudmundsson, O., Ebersman, P., and S. Sheng, | [RFC7710] Kumari, W., Gudmundsson, O., Ebersman, P., and S. Sheng, | |||
| "Captive-Portal Identification Using DHCP or Router | "Captive-Portal Identification Using DHCP or Router | |||
| Advertisements (RAs)", RFC 7710, DOI 10.17487/RFC7710, | Advertisements (RAs)", RFC 7710, DOI 10.17487/RFC7710, | |||
| December 2015, <https://www.rfc-editor.org/info/rfc7710>. | December 2015, <https://www.rfc-editor.org/info/rfc7710>. | |||
| [RFC8288] Nottingham, M., "Web Linking", RFC 8288, | 7.2. URIs | |||
| DOI 10.17487/RFC8288, October 2017, <https://www.rfc- | ||||
| editor.org/info/rfc8288>. | [1] https://tickets.meeting.ietf.org/wiki/IETF106network#Experiments | |||
| [2] https://tickets.meeting.ietf.org/wiki/CAPPORT | ||||
| [3] https://community.polycom.com/t5/VoIP-SIP-Phones/DHCP- | ||||
| Standardization-160-vs-66/td-p/72577 | ||||
| Appendix A. Changes / Author Notes. | Appendix A. Changes / Author Notes. | |||
| [RFC Editor: Please remove this section before publication ] | [RFC Editor: Please remove this section before publication ] | |||
| From initial to -00. | From initial to -00. | |||
| o Import of RFC7710. | o Import of RFC7710. | |||
| From -00 to -01. | ||||
| o Remove link-relation text. | ||||
| o Clarify option should be in DHCPREQUEST parameter list. | ||||
| o Uppercase some SHOULDs. | ||||
| Appendix B. Changes from RFC 7710 | Appendix B. Changes from RFC 7710 | |||
| This document incorporates the following changes from [RFC7710]. | This document incorporates the following changes from [RFC7710]. | |||
| 1. Clarify that IP string literals are NOT RECOMMENDED. | 1. Clarify that IP string literals are NOT RECOMMENDED. | |||
| 2. Clarify that the option URI SHOULD be that of the captive portal | 2. Clarify that the option URI SHOULD be that of the captive portal | |||
| API endpoint. | API endpoint. | |||
| 3. Clarify that captive portals MAY do content negotiation. | 3. Clarify that captive portals MAY do content negotiation. | |||
| 4. Added text about Captive Portal API URI precedence in the event | 4. Added text about Captive Portal API URI precedence in the event | |||
| of a network configuration error. | of a network configuration error. | |||
| 5. Added urn:ietf:params:capport-unrestricted URN. | 5. Added urn:ietf:params:capport-unrestricted URN. | |||
| 6. Added urn:ietf:params:capport-api URN. | Appendix C. Observations From IETF 106 Network Experiment | |||
| During IETF 106 in Singapore an experiment [1] enabling Captive | ||||
| Portal API compatible clients to discover a venue-info-url (see | ||||
| experiment description [2] for more detail) revealed that some | ||||
| Polycom devices on the same network made use of DHCPv4 option code | ||||
| 160 for other purposes [3]. | ||||
| The presence of DHCPv4 Option code 160 holding a value indicating the | ||||
| Captive Portal API URL caused these devices to not function as | ||||
| desired. For this reason, this document requests IANA deprecate | ||||
| option code 160 and reallocate different value to be used for the | ||||
| Captive Portal API URL. | ||||
| Authors' Addresses | Authors' Addresses | |||
| Warren Kumari | Warren Kumari | |||
| 1600 Amphitheatre Parkway | 1600 Amphitheatre Parkway | |||
| Mountain View, CA 94043 | Mountain View, CA 94043 | |||
| US | US | |||
| Email: warren@kumari.net | Email: warren@kumari.net | |||
| Erik Kline | Erik Kline | |||
| Loon | Loon | |||
| 1600 Amphitheatre Parkway | 1600 Amphitheatre Parkway | |||
| Mountain View, CA 94043 | Mountain View, CA 94043 | |||
| US | US | |||
| Email: ek@google.com | Email: ek@loon.com | |||
| End of changes. 31 change blocks. | ||||
| 62 lines changed or deleted | 97 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||