CAPtive PORTal interaction
charter-ietf-capport-01
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2019-03-27
|
01 | Cindy Morgan | Responsible AD changed to Barry Leiba from Adam Roach |
2018-01-30
|
01 | Amy Vezza | Responsible AD changed to Adam Roach from Barry Leiba |
2016-01-04
|
01 | Cindy Morgan | New version available: charter-ietf-capport-01.txt |
2016-01-04
|
01 | Cindy Morgan | State changed to Approved from IESG review |
2016-01-04
|
01 | Cindy Morgan | IESG has approved the charter |
2016-01-04
|
01 | Cindy Morgan | Closed "Approve" ballot |
2016-01-04
|
01 | Cindy Morgan | Closed "Ready for external review" ballot |
2016-01-04
|
00-05 | Cindy Morgan | WG action text was changed |
2015-12-08
|
00-05 | Barry Leiba | New version available: charter-ietf-capport-00-05.txt |
2015-12-08
|
00-04 | Barry Leiba | New version available: charter-ietf-capport-00-04.txt |
2015-11-19
|
00-03 | Alia Atlas | [Ballot Position Update] New position, No Objection, has been recorded for Alia Atlas |
2015-11-19
|
00-03 | Benoît Claise | [Ballot comment] What's the relationship with draft-wkumari-dhc-capport-16? Any value in mentioning it in the charter? "Building on/Integrating/Improving/... (*) draft-wkumari-dhc-capport-16 (RFC editor queue), the WG … [Ballot comment] What's the relationship with draft-wkumari-dhc-capport-16? Any value in mentioning it in the charter? "Building on/Integrating/Improving/... (*) draft-wkumari-dhc-capport-16 (RFC editor queue), the WG will ..." (*) depending on the answer to the first question |
2015-11-19
|
00-03 | Benoît Claise | [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise |
2015-11-19
|
00-03 | Jari Arkko | [Ballot comment] The phrase "unrestricted access" was not clear to me. Perhaps you meant "Internet access". |
2015-11-19
|
00-03 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko |
2015-11-18
|
00-03 | Stephen Farrell | [Ballot Position Update] New position, Yes, has been recorded for Stephen Farrell |
2015-11-18
|
00-03 | Kathleen Moriarty | [Ballot Position Update] New position, No Objection, has been recorded for Kathleen Moriarty |
2015-11-18
|
00-03 | Ben Campbell | [Ballot Position Update] New position, Yes, has been recorded for Ben Campbell |
2015-11-18
|
00-03 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
2015-11-17
|
00-03 | Terry Manderson | [Ballot Position Update] New position, No Objection, has been recorded for Terry Manderson |
2015-11-17
|
00-03 | Deborah Brungard | [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard |
2015-11-17
|
00-03 | Martin Stiemerling | [Ballot Position Update] New position, No Objection, has been recorded for Martin Stiemerling |
2015-11-17
|
00-03 | Alissa Cooper | [Ballot comment] The phrase "satisfy the requirements" is pretty ambiguous. I would suggest either explaining what requirements are intended (e.g., "the network operator's requirements for … [Ballot comment] The phrase "satisfy the requirements" is pretty ambiguous. I would suggest either explaining what requirements are intended (e.g., "the network operator's requirements for obtaining network access" or something along those lines) or dropping the phrase altogether if the point is really just to provide the URL. |
2015-11-17
|
00-03 | Alissa Cooper | [Ballot Position Update] New position, Yes, has been recorded for Alissa Cooper |
2015-11-16
|
00-03 | Spencer Dawkins | [Ballot comment] Warren responded nicely to my comment on the 00-01 version about "As endpoints become inherently more secure, existing interception techniques will become less … [Ballot comment] Warren responded nicely to my comment on the 00-01 version about "As endpoints become inherently more secure, existing interception techniques will become less effective or will fail entirely." and I understand that a previous version that attempted to say "inherently more secure because X mechanisms are being deployed" was problematic, but the current text still sounds like we're thinking happy thoughts, and I know you aren't. Would it be any less problematic to say "inherently more secure in response to X security threats"? Where X might be "pervasive surveillance", "DNS spoofing", etc? "No" might be a perfectly reasonable answer ... |
2015-11-16
|
00-03 | Spencer Dawkins | [Ballot Position Update] New position, Yes, has been recorded for Spencer Dawkins |
2015-11-12
|
00-03 | Brian Haberman | [Ballot Position Update] New position, No Objection, has been recorded for Brian Haberman |
2015-11-08
|
00-03 | Joel Jaeggli | [Ballot comment] The CAPPORT Working Group will define secure mechanisms and protocols to - allow endpoints to discover that they are in this sort of … [Ballot comment] The CAPPORT Working Group will define secure mechanisms and protocols to - allow endpoints to discover that they are in this sort of limited environment, I'm not personally convinced that capport will necessarily be more successful then DHC in securing initial signaling which strongly implies to me that we should not constrain it in this way. that said I think further along in process (vending a webpage) other security mechanisms come into play and that seems highly likely. |
2015-11-08
|
00-03 | Joel Jaeggli | [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli |
2015-11-01
|
00-03 | Barry Leiba | [Ballot Position Update] New position, Yes, has been recorded for Barry Leiba |
2015-11-01
|
00-03 | Barry Leiba | Created "Approve" ballot |
2015-11-01
|
00-03 | Barry Leiba | State changed to IESG review from External review |
2015-10-16
|
00-03 | Cindy Morgan | Telechat date has been changed to 2015-11-19 from 2015-10-15 |
2015-10-16
|
00-03 | Cindy Morgan | State changed to External review from Internal review |
2015-10-16
|
00-03 | Cindy Morgan | WG new work message text was changed |
2015-10-16
|
00-03 | Cindy Morgan | WG review text was changed |
2015-10-16
|
00-02 | Cindy Morgan | WG review text was changed |
2015-10-16
|
00-02 | Cindy Morgan | WG review text was changed |
2015-10-16
|
00-02 | Cindy Morgan | WG review text was changed |
2015-10-15
|
00-03 | Barry Leiba | New version available: charter-ietf-capport-00-03.txt |
2015-10-15
|
00-02 | Barry Leiba | New version available: charter-ietf-capport-00-02.txt |
2015-10-15
|
00-01 | Stephen Farrell | [Ballot comment] Good to see us trying to make this better. One question below. (I'm still a "yes" ballot regardless of whether the answer is … [Ballot comment] Good to see us trying to make this better. One question below. (I'm still a "yes" ballot regardless of whether the answer is yes or no btw.) Say if someone wanted to make a protocol to advertise that such and such a captive portal exists and can be interacted with at such and such a URL when one is connected to such and such a WLAN/LAN/SSID in such and such a location. Would discussing that be in scope for the WG? |
2015-10-15
|
00-01 | Stephen Farrell | [Ballot Position Update] New position, Yes, has been recorded for Stephen Farrell |
2015-10-15
|
00-01 | Brian Haberman | [Ballot comment] I agree with Joel that we should keep non-human-driven machines in mind. |
2015-10-15
|
00-01 | Brian Haberman | [Ballot Position Update] New position, No Objection, has been recorded for Brian Haberman |
2015-10-15
|
00-01 | Benoît Claise | [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise |
2015-10-15
|
00-01 | Jari Arkko | [Ballot comment] This is important work and should go forward. Minor comment which you can ignore: on re-reading the charter, I thought that the concepts … [Ballot comment] This is important work and should go forward. Minor comment which you can ignore: on re-reading the charter, I thought that the concepts of captive portals and roaming was a bit mixed. These are independent issues. A web-based captive portal may allow roaming, but would still benefit from the results of this working group. A non-roaming 802.1X or EAP or application-based access point would not need. I'd suggest that the real issue is whether one uses web traffic capture or automated 1X/EAP/application mechanisms to attach. In the former case the results of this working group apply; in the latter case they don't nor is there any need to add something. |
2015-10-15
|
00-01 | Jari Arkko | [Ballot Position Update] New position, Yes, has been recorded for Jari Arkko |
2015-10-15
|
00-01 | Terry Manderson | [Ballot Position Update] New position, No Objection, has been recorded for Terry Manderson |
2015-10-14
|
00-01 | Ben Campbell | [Ballot comment] I agree with Spencer's comment about MiTM attacks. |
2015-10-14
|
00-01 | Ben Campbell | [Ballot Position Update] New position, Yes, has been recorded for Ben Campbell |
2015-10-14
|
00-01 | Deborah Brungard | [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard |
2015-10-14
|
00-01 | Martin Stiemerling | [Ballot Position Update] New position, No Objection, has been recorded for Martin Stiemerling |
2015-10-14
|
00-01 | Alia Atlas | [Ballot Position Update] New position, No Objection, has been recorded for Alia Atlas |
2015-10-13
|
00-01 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
2015-10-13
|
00-01 | Kathleen Moriarty | [Ballot comment] I support Spencer's text change to explicitly state man-in-the-middle attacks. |
2015-10-13
|
00-01 | Kathleen Moriarty | [Ballot Position Update] New position, No Objection, has been recorded for Kathleen Moriarty |
2015-10-12
|
00-01 | Joel Jaeggli | [Ballot comment] Might consider a block on this but it's readily addressed. A stretch-goal / phase 2 work may attempt to solve this problem for … [Ballot comment] Might consider a block on this but it's readily addressed. A stretch-goal / phase 2 work may attempt to solve this problem for devices that have no human interaction (such as "IoT" devices). Rather than presuppose what might be in a future charter I would simply include this as a potential issue. one probably bad proposal is: A secondary goal is to look at the problem posed to or by devices that have little or no recourse to human interaction. |
2015-10-12
|
00-01 | Joel Jaeggli | [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli |
2015-10-12
|
00-01 | Spencer Dawkins | [Ballot comment] This would be great. I did have a couple of observations for your consideration. Two comments on this text: "Currently, network providers use … [Ballot comment] This would be great. I did have a couple of observations for your consideration. Two comments on this text: "Currently, network providers use a number of interception techniques to reach a human user (such as intercepting cleartext HTTP to force a redirect to a web page of their choice), and these interceptions often look like man-in-the-middle attacks. As endpoints become inherently more secure, existing interception techniques will become less effective or will fail entirely. This will result in a poor user experience as well as a lower rate of success for the Captive Portal operator." RFC 7258/BCP 188 characterizes monitoring for network management as "indistinguishable from other attacks", and we're talking about actual hijacking here, not just monitoring. Perhaps it's better to say "these interceptions are indistinguishable from man-in-the-middle attacks". ("they look like man-in-the-middle attacks because they are man-in-the-middle attacks" :-) I'm not sure what "As endpoints become inherently more secure" means. Is this a reference to endpoints using TLS by default, and refusing to downgrade to plaintext? I thought "These might or might not be published as RFCs, and/or might be combined in some way." was awkward. Perhaps "These might or might not be published as RFCs, and might or might not be combined in some way." would be clearer? |
2015-10-12
|
00-01 | Spencer Dawkins | [Ballot Position Update] New position, Yes, has been recorded for Spencer Dawkins |
2015-10-01
|
00-01 | Barry Leiba | [Ballot Position Update] New position, Yes, has been recorded for Barry Leiba |
2015-09-30
|
00-01 | Barry Leiba | Placed on agenda for telechat - 2015-10-15 |
2015-09-30
|
00-01 | Barry Leiba | WG action text was changed |
2015-09-30
|
00-01 | Barry Leiba | WG review text was changed |
2015-09-30
|
00-01 | Barry Leiba | Created "Ready for external review" ballot |
2015-09-30
|
00-01 | Barry Leiba | State changed to Internal review from Informal IESG review |
2015-09-30
|
00-01 | Barry Leiba | Changed charter milestone "Captive Portal Industry Survey", set due date to June 2016 from June 2015 |
2015-09-30
|
00-01 | Barry Leiba | New version available: charter-ietf-capport-00-01.txt |
2015-09-30
|
00-00 | Barry Leiba | Added charter milestone "Protocol to discover and interact with a Captive Portal", due December 2016 |
2015-09-30
|
00-00 | Barry Leiba | Added charter milestone "Captive Portal Taxonomy", due June 2016 |
2015-09-30
|
00-00 | Barry Leiba | Added charter milestone "Captive Portal Industry Survey", due June 2015 |
2015-09-30
|
00-00 | Barry Leiba | Initial review time expires 2015-10-07 |
2015-09-30
|
00-00 | Barry Leiba | State changed to Informal IESG review from Not currently under review |
2015-09-30
|
00-00 | Barry Leiba | New version available: charter-ietf-capport-00-00.txt |