[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Captive-portals] Fixing RFC 7710

To: Martin Thomson <[email protected]>
Subject: Re: [Captive-portals] Fixing RFC 7710
From: Alexander Roscoe <[email protected]>
Date: Fri, 2 Mar 2018 10:53:01 -0500
Archived-at: <https://mailarchive.ietf.org/arch/msg/captive-portals/jLEI8EJ7iPZjzptji5MIiz45cJM>
Authentication-results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Cc: [email protected], Warren Kumari <[email protected]>, Olafur Gudmundssen <[email protected]>, [email protected], [email protected]
Delivered-to: [email protected]
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=m6AeUfPZnobaWsbrWLs7bgSDEzSo2Zn8tU3EspRpW4A=; b=ZyshSA6RwFpRm5+VMFgAx86hNd8gsXExHYGT+BTlvzRWtQrTIIO56xhIAtHrk6Xy3S EDeATdBTB5383yCtnorA+iJhS2sS88JWJC++FSI98FYtAvJoQkJy1JoYMD9jofHR4jpg YcFBaGl9aJ4ecIks9bV8YL3FN4q7HzBbSfW/58MmsNk4caycESdpqQyzWj0DNMzjYHHt fTeCSb5HJDnlMqCACpCWtZonO8qAJemNUy1rxfFsZijYIhIJg2RwuSdwcP8yJm9XqiQz QIMNddK2F5gD/O//+KTPX136DAi86XbAW+uNNZ5D4MZhmij5chpTmquF5S7WXDFG0OAI Sieg==
In-reply-to: <CABkgnnWJMipRtG-p0EoUXmK3u1c2ab-v4xN3WZfm3XL8s08aZA@mail.gmail.com>
List-archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-help: <mailto:[email protected]?subject=help>
List-id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-post: <mailto:[email protected]>
List-subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:[email protected]?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:[email protected]?subject=unsubscribe>
References: <CABkgnnWJMipRtG-p0EoUXmK3u1c2ab-v4xN3WZfm3XL8s08aZA@mail.gmail.com>

I always assumed the captive portal URL could function as the API
endpoint as well. For example, if the captive portal url is
'https://mycaptiveportal.com/index.html' then the API could port to
the same URL at index.html. Another solution could take the root part
of the URL and then attach the known URI at the end.

I believe a URL should be transported in the DHCP / RA as it needs to
support HTTPS.  There are work arounds with doing 302s but it then
becomes more steps to develop. I think RFC7710 is easy to implement
for most venders in their DHCP software.  Because of that, it acts as
a stepping stone into further enhancements.

>From an implementation point of view, nothing needs to change the
captive portal to support the DHCP / RA option which really make it
easy to enable.

On Thu, Mar 1, 2018 at 10:58 PM, Martin Thomson
<[email protected]> wrote:
> We've had a number of discussions in the captive portals group about
> fixing RFC 7710.
>
> Erik and I would like to propose a plan for that work.  We would keep
> this to addressing the issues that we have identified thus far.
> Namely:
>
> 1. The purpose of the URI is not well defined.  We would reference the
> capport architecture and API documents for that.  The group would need
> to decide between:
>   a. point to the API
>   b. point to a login page
>
> 2. There isn't a clear way to signal that there is no captive portal
> in the network.  It has been suggested that we use a special URL -
> e.g., urn:ietf:params:capport:unrestricted. Alternatively, we could
> privilege the empty string, but that doesn't have as clear a signal of
> intent.
>
> 3. RFC 7710 states that the URL SHOULD use an address literal.  This
> works at odds with the idea of using HTTPS.
>
> Is there anyone who is willing to take on this work?  We aim to start
> and complete this work in <1 meeting cycle, starting in London.
>
> For the authors of RFC 7710, let us know if you have any concerns.
>
> _______________________________________________
> Captive-portals mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/captive-portals



-- 
Alexander Roscoe
484-716-9048

References:
- [Captive-portals] Fixing RFC 7710
  - From: Martin Thomson <[email protected]>

Prev by Date: [Captive-portals] Fixing RFC 7710
Next by Date: Re: [Captive-portals] Fixing RFC 7710
Previous by thread: [Captive-portals] Fixing RFC 7710
Next by thread: Re: [Captive-portals] Fixing RFC 7710
Index(es):
- Date
- Thread