I am really a big fan of having the ability to pass FQDN as a DHCP option. I assume all un-authed users will have access to DNS. There are some edge case scenarios will this will fail, especially in mobility situations where a roams between 2 of the same SSIDs that have a different DHCP server and cache. I think an ICMP reply would offer another mechanism to determine the clients state.
I do not think HTTPS should be a requirement, this should be left to the discretion of the the hotspot provider. Many hotspots, especially in the U.S. require users at a minimal check a terms of service box to get internet access. An application like this would not need to be secure as there is no sensitive information being passed.
Comcast – Xfinity Wifi - Wireless Engineer
Phone – 215.286.7283
Cell – 215.609.2691
From: David Bird <[email protected]>
Date: Tuesday, October 6, 2015 at 1:52 PM
To: Michael Richardson <mcr+[email protected]>
Cc: "[email protected]" <[email protected]>
Subject: Re: [Captive-portals] A new draft / idea - draft-wkumari-capport-icmp-unreach
On Tue, Oct 6, 2015 at 10:07 AM, Michael Richardson <mcr+[email protected]> wrote:
David Bird <[email protected]> wrote:
Yes, IP address literal.
> learn the (possibly device and session specific) URL to the CP-WEB
Though, having a SSL cert doesn't necessarily mean it's the "right" website. I don't think we have to require HTTPS in all situations, but I could be convinced otherwise.
> * Note: CoovaChilli already has this type of internal URL
Yes, CoovaChilli is still active... It recently relocated to github and is supported by a (smallish, but active) community of developers, including myself.
> I'm not sure it belongs in RFC, but ideally, I'd like to see Clients
I don't disagree... My point is simply that a network, Open or otherwise, without CP (or with CP that whitelisted the OS CP detection end-points) render this sandbox browser feature useless. Moreover, why would a Client STOP using the sandbox browser after "authentication" (does the client all the sudden trust this (probably open) public access network more now?).