Re: [Captive-portals] Arguments against (any) Capport "API"

To: Mark Nottingham <[email protected]>

Subject: Re: [Captive-portals] Arguments against (any) Capport "API"

From: Erik Kline <[email protected]>

Date: Mon, 10 Apr 2017 12:28:32 +0900

Archived-at: <https://mailarchive.ietf.org/arch/msg/captive-portals/QPAA0e096WFVAsT4nCZcBUI5U8E>

Authentication-results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com

Cc: Michael Richardson <[email protected]>, [email protected], David Bird <[email protected]>

Delivered-to: [email protected]

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Jn42RYEHtI8KPHcvssyrn7gQi1+O5+DAXD4JJnwewss=; b=V16o9DQCVLGYSgXZ8jjEOhSefqwDThyNp1SVS8oTWiBJVaRrHLbIqaog5UXDrTWikv CfoZO7qxxRMhSLxfwFQqgok9yEutRUEugQk+S8jM8WvX1HuWyyTWY39Db4N1+vG2imgC HNM2s1eEz+EGLu4Jm8BBB5rRG/xWkcIMa9iX0BEBjOuRByTouJpSauDMpkAXYel+oFJs ZbXtDduGLfdaozWw49tOtIp5sq2kGdbJG08K4D8lFlVI9VX09ueCmYzIgu7o0c0hftjL GjGbvXyf7IF8nVMWDcsHU1Nn5Ls7DUVo/nxCXk9HIyVIOg+Yua7To8I9P4XVJJZdhwr7 36Mg==

In-reply-to: <[email protected]>

List-archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>

List-help: <mailto:[email protected]?subject=help>

List-id: Discussion of issues related to captive portals <captive-portals.ietf.org>

List-post: <mailto:[email protected]>

List-subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:[email protected]?subject=subscribe>

List-unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:[email protected]?subject=unsubscribe>

References: <CADo9JyU2wiEBB4L7ADSybt9se7jCN764JSEoHuGTcuiU_jDscQ@mail.gmail.com> <CAAedzxqR5bWTP_gou+hC5cgQ99tV275nX_ijm7iUok4-h+3wMQ@mail.gmail.com> <CADo9JyVfmhir8YtOR2mzzaaPL_9mBKgFmht6-SA50SfPmh9z6w@mail.gmail.com> <CAAedzxrck9+TBpEp-x8_tG-oxxKh4MQ4-x+iuGNGd6JsG=poQQ@mail.gmail.com> <CADo9JyUKb_c6SPigjUqngUyPvDsbN10TLZX0+B9r92xm6XGgAA@mail.gmail.com> <[email protected]> <CAAedzxo3Gp9ZhLeujZBC0vn9GO=+xHxkAstisoUAX1BCTEtYvQ@mail.gmail.com> <[email protected]>

On 10 April 2017 at 12:07, Mark Nottingham <[email protected]> wrote:

> On 10 Apr 2017, at 12:53 pm, Erik Kline <[email protected]> wrote:
>
>
>
> On 8 April 2017 at 04:54, Michael Richardson <[email protected]> wrote:
>
> David Bird <[email protected]> wrote:
> > portal (or when the venue evaded your detection). Maybe the captive
> > portal networks wants to offer these services in their walled
> > garden... and it is likely the user would be happy about that
> > (provided they selected the network on purpose).
>
> Consider a school that uses Google Apps (like my sons').
>
> They run a somewhat loose firewall that blacklists stuff; but probably would
> be better off to whitelist things.
>
> The ICMP reply could very well be used to trigger the teacher override.
>
> This is an interesting point. We should consider what types of access restriction are in scope.
>
> Consider zero-rating, for example. Should the aim be to provide a general hint of network restriction, or on a per-destination basis?

Our charter is expressed in terms of authorization for network access. I could see providing context about the quality of the Internet connection (a la BCP104), but allowing destination-by-destination granularity has some pretty significant potential impact; it will basically be giving the IETF's blessing to zero-rating, and in some markets that's a very contentious topic.

So, we need to proceed carefully. IMO, we don't need to provide a per-destination capability to meet the charter, and doing so could add significant risk to an already risky endeavour.

As someone who has pushed back on zero-rating, I certainly feel the same.

While the charter does mention capital-"I" Internet, other parts are expressed in terms of "limited environments", "parameters of confinement", and other phrases. I'm perfectly fine with zero-rating being a non-objective. =)

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature