Network Working Group                                         P. Pfister
Internet-Draft                                                     Cisco
Intended status: Standards Track                                T. Pauly
Expires: January 1, 2019                                      Apple Inc.
                                                           June 30, 2018


        Using Provisioning Domains for Captive Portal Discovery
                      draft-pfister-capport-pvd-00

Abstract

   Devices that connect to Captive Portals need a way to identify that
   the network is restricted and discover a method for opening up
   access.  This document defines how to use Provisioning Domain
   Additional Information to discover a Captive Portal API URI.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 1, 2019.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.



Pfister & Pauly          Expires January 1, 2019                [Page 1]


Internet-Draft             Captive Portal PvD                  June 2018


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Captive Portal URI Option . . . . . . . . . . . . . . . . . .   2
   3.  Client Behavior . . . . . . . . . . . . . . . . . . . . . . .   3
   4.  Security Considerations . . . . . . . . . . . . . . . . . . .   3
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   3
   6.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   4
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   4
     7.1.  Normative References  . . . . . . . . . . . . . . . . . .   4
     7.2.  Informative References  . . . . . . . . . . . . . . . . .   4
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   4

1.  Introduction

   The Captive Portal Architecture [I-D.ietf-capport-architecture]
   defines the interaction model for how client devices (also referred
   to as User Equipment) interact with a network that is restricted and
   requires explicit user interaction to allow a device to access the
   Internet.  The first step of this process involves a Provisioning
   Service communicating with the User Equipment to indicate that the
   network is captive, and how to get out of captivity.  The key piece
   of information that the Provisioning Service provides is the URI of a
   JSON-based API that allows the User Equipment to interact with the
   captive portal.  This API is specified in [I-D.ietf-capport-api].

   This document defines the mechanism for using Provisioning Domain
   (PvD) Additional Information as the Captive Portal Provisioning
   Service.  A PvD defines a consistent and usable set of network
   configurations [RFC7556].  A Captive Network is one example of a PvD
   that has unique properties that a device needs to be aware of when
   presenting networks to generic applications.  Naming specific PvDs
   and presenting a set of Additional Information for a PvD is defined
   in [I-D.ietf-intarea-provisioning-domains].

2.  Captive Portal URI Option

   The Additional Information fetched for a PvD is presented as JSON.
   This document defines a new key to be used to identify the Captive
   Portal API URI.  As specified in [I-D.ietf-capport-api], this URI
   MUST have an "https" scheme.

   JSON Key:  captive-api

   Description:  URI of Captive Portal API

   Type:  UTF-8 string [RFC3629]




   Example:  "https://captive.example.com/api"

3.  Client Behavior

   When a client device that supports PvDs attaches to a network, it
   will discover whether there are one or more named PvDs on the network
   using a Router Advertisement, as specified in
   [I-D.ietf-intarea-provisioning-domains].

   If the PvD indicates that it has Additional Information, the client
   device SHOULD fetch the Additional Information prior to allowing the
   PvD to be used for generic network access, in case the network is
   restricted or captive.  If the Additional Information contains the
   "captive-api" key, then the client device can interact with the
   Captive Portal API before proceeding with using the network.  If the
   Additional Information does not contain the "captive-api" key, then
   the client SHOULD assume that the network is not captive, and proceed
   with using the network.

   If the PvD indicates that it has no Additional Information, the
   client device SHOULD assume that the network is not captive, and
   proceed with using the network.

   It is possible that a misconfigured network will provide a named PvD
   without explicitly marking the captive option, while still
   restricting network access and providing a Captive Portal.  In this
   case, connections made by the client device may be blocked or
   redirected, as occurs in a captive network in which there is no
   explicit provisioning.
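
   The decision procedure of this section, combined with the "https"
   requirement of Section 2, as an added example that is not part of
   the draft.  The function names, the state labels, and the "unknown"
   outcome for unusable Additional Information are assumptions of the
   example; the draft does not specify that case.

```python
import json
from urllib.parse import urlsplit

CAPTIVE_KEY = "captive-api"  # JSON key defined in Section 2


def captive_api_uri(additional_info):
    """Return the validated Captive Portal API URI, or None if the key is absent.

    Raises ValueError when the key is present but not a usable https URI.
    """
    if CAPTIVE_KEY not in additional_info:
        return None
    uri = additional_info[CAPTIVE_KEY]
    if not isinstance(uri, str):
        raise ValueError("captive-api must be a string")
    parts = urlsplit(uri)
    # Section 2: the URI MUST have an "https" scheme.
    if parts.scheme.lower() != "https" or not parts.hostname:
        raise ValueError("captive-api must be an https URI with a host")
    return uri


def classify_pvd(has_additional_info, body=None):
    """Map Section 3 onto (state, uri).

    state is "captive", "not-captive", or "unknown" (assumed label for
    Additional Information that is missing, malformed, or non-https).
    None of these states says anything about whether the network is
    safe to use (Section 4).
    """
    if not has_additional_info:
        return ("not-captive", None)
    try:
        info = json.loads(body)
        if not isinstance(info, dict):
            raise ValueError("top level must be a JSON object")
        uri = captive_api_uri(info)
    except (TypeError, ValueError):
        # Do not contact an API URI that failed validation.
        return ("unknown", None)
    return ("captive", uri) if uri else ("not-captive", None)
```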

4.  Security Considerations

   The Captive Portal PvD option is subject to the same security
   considerations as any other options provisioned via Router
   Advertisements and Explicit Provisioning Domains.  This information
   should not be used by client devices to trust the safety or security
   of a network attachment.

5.  IANA Considerations

   This document adds a new key to the "Additional Information PvD Keys"
   defined in [I-D.ietf-intarea-provisioning-domains].  See Section 2
   for the new key definition.









6.  Acknowledgements

   Thanks to contributions from Eric Vyncke, Mark Townsley, David
   Schinazi, and Kyle Larose.

7.  References

7.1.  Normative References

   [I-D.ietf-capport-api]
              Pauly, T. and D. Thakore, "Captive Portal API", draft-
              ietf-capport-api-00 (work in progress), February 2018.

   [I-D.ietf-intarea-provisioning-domains]
              Pfister, P., Vyncke, E., Pauly, T., Schinazi, D., and W.
              Shao, "Discovering Provisioning Domain Names and Data",
              draft-ietf-intarea-provisioning-domains-02 (work in
              progress), June 2018.

   [RFC3629]  Yergeau, F., "UTF-8, a transformation format of ISO
              10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November
              2003, <https://www.rfc-editor.org/info/rfc3629>.

   [RFC7556]  Anipko, D., Ed., "Multiple Provisioning Domain
              Architecture", RFC 7556, DOI 10.17487/RFC7556, June 2015,
              <https://www.rfc-editor.org/info/rfc7556>.

7.2.  Informative References

   [I-D.ietf-capport-architecture]
              Larose, K. and D. Dolson, "CAPPORT Architecture", draft-
              ietf-capport-architecture-02 (work in progress), June
              2018.

Authors' Addresses

   Pierre Pfister
   Cisco
   11 Rue Camille Desmoulins
   Issy-les-Moulineaux 92130
   France

   Email: pierre.pfister@darou.fr









   Tommy Pauly
   Apple Inc.
   One Apple Park Way
   Cupertino, California 95014
   United States of America

   Email: tpauly@apple.com











































