[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Captive-portals] A new draft / idea - draft-wkumari-capport-icmp-unreach

To: "Roscoe, Alexander" <[email protected]>
Subject: Re: [Captive-portals] A new draft / idea - draft-wkumari-capport-icmp-unreach
From: "Linss, Peter" <[email protected]>
Date: Tue, 6 Oct 2015 19:07:03 +0000
Accept-language: en-US
Archived-at: <http://mailarchive.ietf.org/arch/msg/captive-portals/zItoEvopVztEh9yYVrXxB7boOco>
Authentication-results: spf=none (sender IP is ) smtp.mailfrom=[email protected];
Cc: Michael Richardson <[email protected]>, "[email protected]" <[email protected]>, David Bird <[email protected]>
Delivered-to: [email protected]
In-reply-to: <D23987EB.1133B%[email protected]>
List-archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-help: <mailto:[email protected]?subject=help>
List-id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-post: <mailto:[email protected]>
List-subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:[email protected]?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:[email protected]?subject=unsubscribe>
References: <CAHw9_iJ35ZFbbnjwt4=eV+pGamjVGDfh4PBvuvTNO2vs06U_tw@mail.gmail.com> <[email protected]> <CAHw9_iKBrNj-wM5QkM7dbRnO9M7+dtm3mF6_3haE0eshrqRODw@mail.gmail.com> <[email protected]> <[email protected]> <[email protected]> <CADo9JyXitntR-wT-OfGNyyP3KOdvgrAKF17zDUFNJFbRQ1VbkA@mail.gmail.com> <[email protected]> <CADo9JyVBg13PzEqYtZODNWeDNz4KPaEbqeUMpYot_1ffoNquqg@mail.gmail.com> <[email protected]> <CADo9JyVEQWGA97zMtXeN-w_=jxVJ8bmErm+ED_x7i=a0-+eBcg@mail.gmail.com> <D23987EB.1133B%[email protected]>
Spamdiagnosticmetadata: NSPM
Spamdiagnosticoutput: 1:23
Thread-index: AQHQg1VBBTtl1OQDlUq86/wsLMS2d51mPaEAgAAuu4CAAJTogIAGjXuAgPHWo1qAADmjAIAADWGAgAAMV4CAAAjKgIAADCsA
Thread-topic: [Captive-portals] A new draft / idea - draft-wkumari-capport-icmp-unreach

On Oct 6, 2015, at 11:23 AM, Roscoe, Alexander <[email protected]> wrote:

I am really a big fan of having the ability to pass FQDN as a DHCP option. I assume all un-authed users will have access to DNS. There are some edge case scenarios will this will fail, especially in mobility situations where a roams between 2 of the same SSIDs that have a different DHCP server and cache. I think an ICMP reply would offer another mechanism to determine the clients state.

I do not think HTTPS should be a requirement, this should be left to the discretion of the the hotspot provider. Many hotspots, especially in the U.S. require users at a minimal check a terms of service box to get internet access. An application like this would not need to be secure as there is no sensitive information being passed.

I strongly disagree with this sentiment. These days HTTPS should be the default for all new features, and HTTP only used when there is a technical requirement preventing the use of HTTPS. We want to make the net secure, not add more attack surface.

There have already been reported incidents where the attacker joins a public wifi and hijacks DHCP. The user should have some assurance that the captive portal they're entering their credit card info into is the right one.

Peter

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

Follow-Ups:
- Re: [Captive-portals] A new draft / idea - draft-wkumari-capport-icmp-unreach
  - From: "Roscoe, Alexander" <[email protected]>
- Re: [Captive-portals] A new draft / idea - draft-wkumari-capport-icmp-unreach
  - From: David Bird <[email protected]>

References:
- Re: [Captive-portals] A new draft / idea - draft-wkumari-capport-icmp-unreach
  - From: David Bird <[email protected]>
- Re: [Captive-portals] A new draft / idea - draft-wkumari-capport-icmp-unreach
  - From: Michael Richardson <[email protected]>
- Re: [Captive-portals] A new draft / idea - draft-wkumari-capport-icmp-unreach
  - From: David Bird <[email protected]>
- Re: [Captive-portals] A new draft / idea - draft-wkumari-capport-icmp-unreach
  - From: Michael Richardson <[email protected]>
- Re: [Captive-portals] A new draft / idea - draft-wkumari-capport-icmp-unreach
  - From: David Bird <[email protected]>
- Re: [Captive-portals] A new draft / idea - draft-wkumari-capport-icmp-unreach
  - From: "Roscoe, Alexander" <[email protected]>

Prev by Date: Re: [Captive-portals] A new draft / idea - draft-wkumari-capport-icmp-unreach
Next by Date: Re: [Captive-portals] A new draft / idea - draft-wkumari-capport-icmp-unreach
Previous by thread: Re: [Captive-portals] A new draft / idea - draft-wkumari-capport-icmp-unreach
Next by thread: Re: [Captive-portals] A new draft / idea - draft-wkumari-capport-icmp-unreach
Index(es):
- Date
- Thread