Re: [Captive-portals] Ben Campbell's Yes on charter-ietf-capport-00-01: (with COMMENT)

Subject: Re: [Captive-portals] Ben Campbell's Yes on charter-ietf-capport-00-01: (with COMMENT)

Date: Wed, 18 Nov 2015 09:17:42 -0800

Archived-at: <http://mailarchive.ietf.org/arch/msg/captive-portals/agnS8BfcHBA3-IjBvdAAyUzE0mQ>

Cc: Ben Campbell <[email protected]>, "[email protected]" <[email protected]>, Hirotaka Nakajima <[email protected]>, [email protected], "[email protected]" <[email protected]>, The IESG <[email protected]>, Barry Leiba <[email protected]>, Warren Kumari <[email protected]>, John Mann <[email protected]>

Delivered-to: [email protected]

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=JFso8K0wv6GdJmEJ1BdXy2YdvmRfOn14yi6W9D6PBAo=; b=mj/cZ3EAgq5hEkUebkqM1R7gBUx9ylZnnRLvmcTOMXSiHzjLBsfcRnQz/36RVtmHYs ksgCoTGnfgFmsOBkWdAIIM+AJW87InlnhEcroB4R12UlcoPzPJ5NENpTYbMd8/6BQPjk oJWz8hwQIMw8+TehjPrIZjg6M4dKbDFRCBe/8Swc4t2IUcsJTyVVWWTjmawDcy0zy7RN Jd/pEZBKlXQWYhZ83s23p70YiY4J5BxF2n8pDwcZ7az4OmGpasCM0hrrNqsADRj9JNra r+Rch3bDiqUcRwFjnIJU/H6EBqwly5QNZHLA9WS68L0TLau6UXCYF93hX/1N8670xngI LFEw==

In-reply-to: <[email protected]om>

List-archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>

List-help: <mailto:[email protected]?subject=help>

List-id: Discussion of issues related to captive portals <captive-portals.ietf.org>

List-post: <mailto:[email protected]>

List-subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:[email protected]?subject=subscribe>

List-unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:[email protected]?subject=unsubscribe>

References: <[email protected]> <[email protected]om> <[email protected]> <[email protected]om> <[email protected]om> <[email protected]> <[email protected]om> <[email protected]om> <[email protected]om> <[email protected]om>

<snip>

- While I agree that roaming and federated solutions are out of scope, it might be too strong to outright exclude HS2.0/Passpoint, iPass, Boingo, and the like. In HS2.0 release 2, for example, an OSU network can have a captive portal (and I think capport work could apply here) - likewise, I think iPass and Boingo (apps) could benefit form the simplifying of captive portal interactions. (Additionally, even if a network uses 802.1x or an application to authenticate, that doesn't necessarily mean it will be and remain captive portal free -- consider the scenario where a user is being required to top-up their account balance to continue using the 802.1x network).

I'm far from an expert, but my reading of the Hotspot 2.0 OSU buts suggest that it 'fixes' the captive portal problem by giving the client the sign-up/portal address in the OSU handshake (ANQP). Have I misunderstood this?

That is correct... My point is just that HS2 might likely be deployed alongside a captive portal network also used by legacy devices.. the OSU network can be the Open SSID w/captive portal network. HS2 clients wouldn't interact with the captive portal, but it might still be there. Additionally, I don't think HS2 addresses how OSEN networks should enforce a walled garden (restricting clients only to OSU resources).

My main point is that I don't necessary think "Passpoint, Boingo, iPass" need to be mentioned by name as they are. They are more than "federated" logins and capport solutions _can_ be used by these Apps and deployments.

The bigger point is to exclude the 'on-boarding/provisioning of clients onto alternative (secure) networks' from the charter explicitly.