Captive-Portal Identification in DHCP / RA
draft-ekwk-capport-rfc7710bis-00

Document Type Active Internet-Draft (individual)
Last updated 2018-07-15
Stream (None)
Intended RFC status (None)
Formats plain text xml pdf html bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                          W. Kumari
Internet-Draft                                                    Google
Updates: 7710 (if approved)                                     E. Kline
Intended status: Standards Track                            Google Japan
Expires: January 16, 2019                                  July 15, 2018

               Captive-Portal Identification in DHCP / RA
                    draft-ekwk-capport-rfc7710bis-00

Abstract

   In many environments offering short-term or temporary Internet access
   (such as coffee shops), it is common to start new connections in a
   captive portal mode.  This highly restricts what the customer can do
   until the customer has authenticated.

   This document describes a DHCP option (and a Router Advertisement
   (RA) extension) to inform clients that they are behind some sort of
   captive-portal device, and that they will need to authenticate to get
   Internet access.  It is not a full solution to address all of the
   issues that clients may have with captive portals; it is designed to
   be used in larger solutions.  The method of authenticating to, and
   interacting with the captive portal is out of scope of this document.

   [ This document is being collaborated on in Github at:
   https://github.com/wkumari/draft-ekwk-capport-rfc7710bis.  The most
   recent version of the document, open issues, etc should all be
   available here.  The authors (gratefully) accept pull requests.  Text
   in square brackets will be removed before publication. ]

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 16, 2019.

Kumari & Kline          Expires January 16, 2019                [Page 1]
Internet-Draft             DHCP Captive-Portal                 July 2018

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Requirements Notation . . . . . . . . . . . . . . . . . .   3
   2.  The Captive-Portal Option . . . . . . . . . . . . . . . . . .   3
     2.1.  IPv4 DHCP Option  . . . . . . . . . . . . . . . . . . . .   4
     2.2.  IPv6 DHCP Option  . . . . . . . . . . . . . . . . . . . .   4
     2.3.  The Captive-Portal IPv6 RA Option . . . . . . . . . . . .   5
   3.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   5
     3.1.  IETF params Registration  . . . . . . . . . . . . . . . .   5
   4.  Security Considerations . . . . . . . . . . . . . . . . . . .   6
   5.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   6
   6.  Normative References  . . . . . . . . . . . . . . . . . . . .   7
   Appendix A.  Changes / Author Notes.  . . . . . . . . . . . . . .   8
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   8

1.  Introduction

   In many environments, users need to connect to a captive-portal
   device and agree to an Acceptable Use Policy (AUP) and / or provide
   billing information before they can access the Internet.  It is
   anticipated that the IETF will work on a more fully featured protocol
   at some point, to ease interaction with Captive Portals.  Regardless
   of how that protocol operates, it is expected that this document will
   provide needed functionality because the client will need to know
   when it is behind a captive portal and how to contact it.

   In order to present users with the payment or AUP pages, the captive-
   portal device has to intercept the user's connections and redirect
   the user to the captive portal, using methods that are very similar
   to man-in-the-middle (MITM) attacks.  As increasing focus is placed
   on security, and end nodes adopt a more secure stance, these
Show full document text