Re: [Captive-portals] CAPPORT meeting at IETF95 in Buenos Aires.

• To: David Illsley <[email protected]>
• Subject: Re: [Captive-portals] CAPPORT meeting at IETF95 in Buenos Aires.
• From: Mark Nottingham <[email protected]>
• Date: Wed, 17 Feb 2016 10:53:48 +1100
• Archived-at: <http://mailarchive.ietf.org/arch/msg/captive-portals/QMj2YMFlcDKiopkdvlsvDp_-lBw>
• Cc: "[email protected]" <[email protected]>, Warren Kumari <[email protected]>
• Delivered-to: [email protected]
• In-reply-to: <[email protected]om>
• List-archive: <https://mailarchive.ietf.org/arch/browse/captive-portals/>
• List-help: <mailto:[email protected]?subject=help>
• List-id: Discussion of issues related to captive portals <captive-portals.ietf.org>
• List-post: <mailto:[email protected]>
• List-subscribe: <https://www.ietf.org/mailman/listinfo/captive-portals>, <mailto:[email protected]?subject=subscribe>
• List-unsubscribe: <https://www.ietf.org/mailman/options/captive-portals>, <mailto:[email protected]?subject=unsubscribe>
• References: <[email protected]om> <[email protected]> <[email protected]om>

> On 17 Feb 2016, at 3:59 AM, David Illsley <[email protected]> wrote:
> 
> I'm interested in the Sandboxing point in section 4. I understand these to be designed as a pro-user security feature. In general I don't trust random network devices in hotels so I'll use a VPN. That leaves me open to malware attacks from the captive portal [1]. Deciding to put captive portals into a more-restrictive-than-usual sandbox then seems reasonable to me.
> 
> Can you explain the problems caused by sandboxing (I don't think I've ever experienced them)?

AIUI, some captive portals want access to the users' normal cookies; e.g., to log into Facebook to authenticate the user (yeah, I know...). Also, I understand that some captive portal sandboxes don't allow some browser features like video playback, and some captive portals feel that they need this functionality. 

Cheers,


> David
> 
> [1] http://www.wired.com/2014/11/darkhotel-malware/



--
Mark Nottingham   https://www.mnot.net/

• Follow-Ups:
  • Re: [Captive-portals] CAPPORT meeting at IETF95 in Buenos Aires.
    • From: Yoav Nir <[email protected]>

• References:
  • [Captive-portals] CAPPORT meeting at IETF95 in Buenos Aires.
    • From: Warren Kumari <[email protected]>
  • Re: [Captive-portals] CAPPORT meeting at IETF95 in Buenos Aires.
    • From: Mark Nottingham <[email protected]>
  • Re: [Captive-portals] CAPPORT meeting at IETF95 in Buenos Aires.
    • From: David Illsley <[email protected]>

• Prev by Date: Re: [Captive-portals] CAPPORT meeting at IETF95 in Buenos Aires.
• Next by Date: Re: [Captive-portals] CAPPORT meeting at IETF95 in Buenos Aires.
• Previous by thread: Re: [Captive-portals] CAPPORT meeting at IETF95 in Buenos Aires.
• Next by thread: Re: [Captive-portals] CAPPORT meeting at IETF95 in Buenos Aires.
• Index(es):
  • Date
  • Thread