Skip to main content

Minutes IETF101: capport

Meeting Minutes Captive Portal Interaction (capport) WG
Title Minutes IETF101: capport
State Active
Other versions plain text
Last updated 2018-03-22


Privacy : yes cache control
HMAC key : do we need this if we don't have icmp? The icmp... Arch might define
its existence but not the mechanics.. Defer. Server auth: rsleevi says no must
on OCSP, but maybe whitelist get on OCSP. Should is ok. If this fails, the API
does not work and we get the existing behavior Talk about ux. Tommy suggests
that this is a platform choice Media type bike shed: use one, editor choice
Urls: Pierre says .wk opens the possibility of probing. Darshak says point to
html OR API. PvD isn't a problem, just 7710.


Warren is okay
How does this relate to pvd?
No option means no portal. 802.11u has a signal already. Kyle says this is
generic. Tommy; the signals we have don't say that there is no block. Can we
add pvd to this doc as well. Chairs will follow up. No conclusion on meaning of
the url. Take to list.


Security is ok
Identity - need to agree on type of id
Enforcement device split considered.Kyle to take that to the list.
Pierre: ue Id doesn't need to be known to the device
Nick :we should be careful about the identifier and how hard it can be. Maybe
describe how it might be insulated. Pierre: don't specify a specific type of id
Advise against including pii in URIs maybe. Pvd cannot give the state. Pvd
can't do per user, dynamic, or private


Tero & Margaret :don't tweak destunreach.
Do we need a new signal?
Tommy can live without a signal. We should be careful not to DoS the API.
Margaret : maybe we can use destunreach to trigger a check of the API.
Lorenzo : anything spoofable cannot be more than a hint. Unsolicited messages
are hard to secure. I want to know in advance. Warren : maybe a talk to me
thing. Margaret : maybe icmp, maybe not destunreach Lorenzo to produce some
requirements Chairs will confer, but tentative plan is to capture requirements
and await someone making a proposal

Darshak gave an overview of other network standardization in the area of
network authentication Not in scope Parallel but not congruent Can you help us
authenticate the RA? Like a security upgrade for the network, which would need
802 collaboration