[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Captive-portals] is the MPD architecture applicable?

To: "[email protected]" <[email protected]>
Subject: Re: [Captive-portals] is the MPD architecture applicable?
From: Tim Chown <[email protected]>
Date: Wed, 21 Oct 2015 14:07:38 +0100
Archived-at: <http://mailarchive.ietf.org/arch/msg/captive-portals/Z9Vsk-Cr553nowTlpuTwM5f-CJk>
Delivered-to: [email protected]
Dkim-signature: v=1; a=rsa-sha1; c=simple/simple; d=ecs.soton.ac.uk; s=201304; t=1445432835; bh=y9TNX+Hv0HfgXMYBJxrufy1PErI=; h=Mime-Version:Subject:From:In-Reply-To:Date:References:To; b=2Q0hWNNBZxzT4wgHhiiGA6ae1Sw2rwESHwjcBxEk5flNuliFvi5k25Gh93I8tNF1p Vs69KMG2N//P2XHaPnGKWlvYe6KEf/m5UqCjMgWPFPPn7QKQqHy+00kq0YtElMXHHE uvIyhvuAca1uZuyXttOe4fsFRdXaI1SLnzws9DVM=
In-reply-to: <[email protected]>
List-archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
List-help: <mailto:[email protected]?subject=help>
List-id: Discussion of issues related to captive portals <captive-portals.ietf.org>
List-post: <mailto:[email protected]>
List-subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:[email protected]?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:[email protected]?subject=unsubscribe>
References: <A6A061BEE5DDC94A9692D9D81AF776DF40A40ADF@SZXEMA512-MBX.china.huawei.com> <[email protected]> <A6A061BEE5DDC94A9692D9D81AF776DF40A40B39@SZXEMA512-MBX.china.huawei.com> <[email protected]> <[email protected]>

> On 21 Oct 2015, at 06:29, joel jaeggli <[email protected]> wrote:
> 
> If the question is, "Is a proposal to facilitate the interception of ssl
> connection attempts (enabling a man in the middle attack) by
> intermediate parties appropriate work for captive portals to undertake?"
> My personal opinion is no.

I would certainly agree. In my view the capport WG should be building a model to prevent that happening, through prior discovery of the portal.

As an aside, I wonder whether the recently defined MPD architecture can be used as at least one architecture to consider for capport - see https://tools.ietf.org/html/rfc7556. The opening work items of the updated mif charter seem to fit - https://datatracker.ietf.org/wg/mif/charter/, and it’s certainly not uncommon for a device to be presented with multiple captive portals in many locations. Or at the very least a 3G/4G interface and a WiFi interface that may see one captive portal (as per 4.1 of RFC 7556).

Tim

References:
- [Captive-portals] FW: [TLS] FW: New Version Notification for draft-zhou-tls-server-redirect-00.txt
  - From: "Zhouqian (Cathy)" <[email protected]>
- Re: [Captive-portals] FW: [TLS] FW: New Version Notification for draft-zhou-tls-server-redirect-00.txt
  - From: joel jaeggli <[email protected]>
- Re: [Captive-portals] FW: [TLS] FW: New Version Notification for draft-zhou-tls-server-redirect-00.txt
  - From: "Zhouqian (Cathy)" <[email protected]>
- Re: [Captive-portals] FW: [TLS] FW: New Version Notification for draft-zhou-tls-server-redirect-00.txt
  - From: joel jaeggli <[email protected]>

Prev by Date: Re: [Captive-portals] FW: [TLS] FW: New Version Notification for draft-zhou-tls-server-redirect-00.txt
Next by Date: Re: [Captive-portals] FW: [TLS] FW: New Version Notification for draft-zhou-tls-server-redirect-00.txt
Previous by thread: Re: [Captive-portals] [TLS] FW: New Version Notification for draft-zhou-tls-server-redirect-00.txt
Next by thread: [Captive-portals] Tokyo
Index(es):
- Date
- Thread