Re: [Captive-portals] Arguments against (any) Capport "API"

To: Michael Richardson <[email protected]>

Subject: Re: [Captive-portals] Arguments against (any) Capport "API"

From: David Bird <[email protected]>

Date: Thu, 6 Apr 2017 08:34:42 -0700

Archived-at: <https://mailarchive.ietf.org/arch/msg/captive-portals/XfMYIn1VuGh-rrX9byhCwG3hH8M>

Authentication-results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com

Cc: "[email protected]" <[email protected]>

Delivered-to: [email protected]

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=igRAA8yZUiZB/YvXg9VLy8Pa7MlShty34jCy+bZ/t10=; b=JuZiptobUiXrt7i75tPLPac//2LXHjP/H/jvyRimP/RhQkeV8u9zhzyf4HnvzUAee4 Fe4Q3Kv321cZ9jlqiKY1TqPavZrlVIvFIB6aNuIqdNthPs1EOaIRUtyAR/oxIH2InVk7 Pq/E3Up4YUxwO0cLsRJIDJmDH1laMC/71F/BrZ+LAMvB4WfaHu02ZZ07xbD25X2zZCno jGHV2JhSDEWUR+YIek6+nJIWWkDXirJbCfAS36OE0x3EVzNLYfMVZtt2WvfYM9hRTl/8 4WrnxO0cNOXP6cYgh3BtIV/HJFmDnERRMnn4GTKvss7W9lloq1XatlFfG0PtE2tmWMrI FzRg==

In-reply-to: <[email protected]>

List-archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>

List-help: <mailto:[email protected]?subject=help>

List-id: Discussion of issues related to captive portals <captive-portals.ietf.org>

List-post: <mailto:[email protected]>

List-subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:[email protected]?subject=subscribe>

List-unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:[email protected]?subject=unsubscribe>

References: <CADo9JyU2wiEBB4L7ADSybt9se7jCN764JSEoHuGTcuiU_jDscQ@mail.gmail.com> <[email protected]> <CADo9JyVr07w5GRpF+UzSBHRuo=V=3p9MeyhFdzB+5pZk7_amNw@mail.gmail.com> <[email protected]> <CADo9JyXMkqomOpvUWhzZs77eOPvx-g0L-tR5oSz6D4mfjaaUWQ@mail.gmail.com> <[email protected]> <CADo9JyUyQo++b=_oLHd33vjsA_KxLcwwTFjb3T4PDeWmyBfPwQ@mail.gmail.com> <CADo9JyUwVp+xkO444NRH=oMW++MJeCpPHo+j6vg8hfA6wBYGKw@mail.gmail.com> <[email protected]> <E8355113905631478EFF04F5AA706E9870579542@wtl-exchp-1.sandvine.com> <CADo9JyWPQeDO1iDDi_ywQie21UgcaBuOArZ+wBBxkRV1E6YA_Q@mail.gmail.com> <D2A19ABBC0147C40BFBB83D1CF3E95F03FDD745B@wtl-exchp-2.sandvine.com> <CADo9JyWXAmvwDUVvPoFMO60L741BJ0=upoNdNXQK+FeVRC7O4w@mail.gmail.com> <[email protected]>

On Thu, Apr 6, 2017 at 8:05 AM, Michael Richardson <[email protected]> wrote:

David Bird <[email protected]> wrote:
> I agree, but chances are VERY high that _something_ will trigger the Os
> capport detection to give the user a captive portal notification. If
> not, then the walled garden is so large that the UE (nor the user)

Only if the user hasn't got another network connection.

There may be many possible (wifi) networks available, and being able to ask
each what they provide without leaking any other http traffic or DNS requests
seems like a good thing to me.

a) You are already leaking information (DHCP, etc) as you need IP connectivity before you do anything (unlike Hotspot 2.0 where you are in fact querying networks prior to association). In the case of Open WiFi, you also already had user intent to join the network. If you are talking about auto-login scenarios and leaking information, I'd argue that has nothing to do with "captive portals" and more to do with "public access" ... and auto-login into public access is pretty much always a bad idea (unless further security is being provided).

b) You will happily leak all this information when there IS NOT a captive portal... How did the portal increase your exposure? The portal, in some respects, is doing you a favor.

I haven't found the point in the thread where the arguments against were
clearly stated. Feel free to unicast me a pointer to the right part of
the archives.

a) There really is no incentive for any venue/operator to deploy the API (if there is an incentive, it isn't to the benefit of the user, see below)

b) If 'discovery' (e.g. knowing what is in walled garden, etc) is through an API, you will have hotspots that keep Capport device 'captive' when the network might not really enforce it. I think you just gave the operator WAY too much control over the Capport compliant device. Not to mention, it would be embarrassing that you will have hotspots that keep "Capport compliance" devices captive, where legacy devices are not.

c) There is highly likely that you will have broken implementation (e.g. an API and a DHCP server support Capport, but without any real NAS) - this could be intentional or completely by mistake. You can imagine it would be pretty easy to mistakenly configure a DHCP server with a "Captive Portal URL", pointing it to some hotspot provider company, and presto - you have a Capport device only hotspot (that doesn't actually work).

d) There will be such huge problems in deployment that UEs will just ignore this Capport API, still rely on Legacy discovery, and nothing has changed (in fact, it only got more complicated and broken).