[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Captive-portals] putting quarantined IoT devices behind a captive portal (fwd) Michael Richardson: putting quarantined IoT devices behind a captive portal

To: [email protected]
Subject: Re: [Captive-portals] putting quarantined IoT devices behind a captive portal (fwd) Michael Richardson: putting quarantined IoT devices behind a captive portal
From: Michael Richardson <[email protected]>
Date: Tue, 23 Jul 2019 20:03:49 -0400
Archived-at: <https://mailarchive.ietf.org/arch/msg/captive-portals/RwDziZ_eKMtesz6szahY87oYzTc>
Cc: captive-portals <[email protected]>, [email protected], [email protected]
Comments: In-reply-to Erik Kline <[email protected]> message dated "Sat, 20 Jul 2019 23:33:44 -0400."
Delivered-to: [email protected]
In-reply-to: <CAAedzxq6b3Ec-az0nUFbowfJS71GFoN2bq=vBo5GY73ze=sVGA@mail.gmail.com>
List-archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-help: <mailto:[email protected]?subject=help>
List-id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-post: <mailto:[email protected]>
List-subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:[email protected]?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:[email protected]?subject=unsubscribe>
References: <27897.1562697682@localhost> <CAAedzxq6b3Ec-az0nUFbowfJS71GFoN2bq=vBo5GY73ze=sVGA@mail.gmail.com>

Erik Kline <[email protected]> wrote:
    > Most discussion has, co-chair hat off, be circling around some minimal
    > working API mechanism to get things started.

    > That said, one could easily imagine, for example, something as simple
    > as an additional API boolean key,

    > "quarantined": true|false,

I think that I want to implement exactly this then.

This means providing the API info in the DHCPv4 to all devices, but
for many devices, even though there is no restriction at all. 

A concern that was recently raised is attackers that might attempt to
impersonate other devices (same L2/L3 address), and do things to trigger
quarantine.  Once you train the users to unquarantine without thinking...

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works        | network architect  [ 
]     [email protected]  http://www.sandelman.ca/        |   ruby on rails    [

Attachment: signature.asc
Description: PGP signature

References:
- [Captive-portals] putting quarantined IoT devices behind a captive portal (fwd) Michael Richardson: putting quarantined IoT devices behind a captive portal
  - From: Michael Richardson <[email protected]>
- Re: [Captive-portals] putting quarantined IoT devices behind a captive portal (fwd) Michael Richardson: putting quarantined IoT devices behind a captive portal
  - From: Erik Kline <[email protected]>

Prev by Date: Re: [Captive-portals] Review of draft-ietf-capport-rfc7710bis
Next by Date: Re: [Captive-portals] Review of draft-ietf-capport-rfc7710bis
Previous by thread: Re: [Captive-portals] putting quarantined IoT devices behind a captive portal (fwd) Michael Richardson: putting quarantined IoT devices behind a captive portal
Next by thread: Re: [Captive-portals] [OPSAWG] putting quarantined IoT devices behind a captive portal
Index(es):
- Date
- Thread