Re: [Captive-portals] time-based walled gardens

To: Mikael Abrahamsson <[email protected]>

Subject: Re: [Captive-portals] time-based walled gardens

From: David Bird <[email protected]>

Date: Mon, 10 Apr 2017 07:13:39 -0700

Archived-at: <https://mailarchive.ietf.org/arch/msg/captive-portals/TH9G-DcBGAtPmhbAKunm76bW-PA>

Authentication-results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com

Cc: Michael Richardson <[email protected]>, [email protected]

Delivered-to: [email protected]

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=nC2czKyweuWGlNDo/eil5oqk3WJw9CJfTXe6qzv+kWw=; b=JyeLXKdpeQgKr37kZYIX0zeLmC9I7XmYBtmHXA+dYJ8gviZAQ9d5/HVgwJEmscEqDc rsxTSrr339xt281nPOjXccCBHwC0suZZZAuFz4nNJkf6kATq6b4Bwbkv/uyMFi5cIMKt svWqwKDNSjO19yr2sR8QJxjCkwLXuTXF95x9/+PuoY/Mfc0kghi4ezbyjv6XnaAEDxsD zp5qHx3pDr9Ja+wZa4Qbd95FF0Y4i4hFIwKt6VE+zFL1zB6UQBZe9wxgXB3menGAAVj6 G/vxJT6nHzEgllgKsHEwJXWiL+R3gamKdxNeyx5W6r3WjiXy3p97rRreY0Loknon+ZjP p6+A==

In-reply-to: <[email protected]>

List-archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>

List-help: <mailto:[email protected]?subject=help>

List-id: Discussion of issues related to captive portals <captive-portals.ietf.org>

List-post: <mailto:[email protected]>

List-subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:[email protected]?subject=subscribe>

List-unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:[email protected]?subject=unsubscribe>

References: <CADo9JyU2wiEBB4L7ADSybt9se7jCN764JSEoHuGTcuiU_jDscQ@mail.gmail.com> <CAAedzxqR5bWTP_gou+hC5cgQ99tV275nX_ijm7iUok4-h+3wMQ@mail.gmail.com> <CADo9JyVfmhir8YtOR2mzzaaPL_9mBKgFmht6-SA50SfPmh9z6w@mail.gmail.com> <CAAedzxrck9+TBpEp-x8_tG-oxxKh4MQ4-x+iuGNGd6JsG=poQQ@mail.gmail.com> <CADo9JyUKb_c6SPigjUqngUyPvDsbN10TLZX0+B9r92xm6XGgAA@mail.gmail.com> <[email protected]> <CAAedzxo3Gp9ZhLeujZBC0vn9GO=+xHxkAstisoUAX1BCTEtYvQ@mail.gmail.com> <CADo9JyUr2rpZBjz5zMrrUmi8+gR9VGxBFhMLGVqFGYiWsOic6w@mail.gmail.com> <[email protected]> <[email protected]>

I think one difference in public access vs. other access is that in public access (for right or wrong) there are commercial incentives to give you misleading information in order to trick your device into behaving a desired way.

I agree that (yet another) API might not be making anything easier. Which is why I view RFC7710 + ICMP as a very simple solution, that builds on top of basic, existing, 'building blocks'. DHCP/RA giving a bit of network configuration (which it does today), and ICMP giving you feedback about the fate of your packets (something it does today). The NAS isn't doing anything different -- it is still deciding what gets through and what doesn't. The NAS is probably already sending ICMP for blocked traffic (or it isn't, leading to connection timeouts). Implementing the NAS portion is super simple (and can be implemented in may places in your network - iptables, separate rate limiter, etc).

I view this relatively SIMPLE protocol, which at its core is just telling you the 'truth' (or at least as close as you can get to it, subject to the same risks as ICMP in general) about what happened to your packets and why.

On Mon, Apr 10, 2017 at 6:52 AM, Mikael Abrahamsson <[email protected]> wrote:

On Mon, 10 Apr 2017, Michael Richardson wrote:

All of these things would seem to be doable with the ICMP plus RESTful API. It seems that the session-ID can deal with these changes, and the validity could indicate things like valid until the end-of-school day.

This is an interesting idea. MIF WG had the idea of PVDs. ALTO WG has the idea about "application-layer traffic optimization", and a server to tell you information. ALTO also has its own discovery mechanism for how to find the ALTO server. CAPPORT has its own proposal to do that. MIF also had PVD-prooposal, now being done in INT-AREA.

To me all these solutions seem to be very closely related in solution-space, and I wish we could all agree on one mechanism that could work for all use-cases.

It seems to me that you're now suggesting yet another one?

--
Mikael Abrahamsson email: [email protected]

_______________________________________________
Captive-portals mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/captive-portals