[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Captive-portals] IETF 100: ICMP Discussion Summary



Dave Dolson <[email protected]> wrote:
    > Regarding multiple IPv6 addresses, consider these two alternatives:
    > 1. Associate the new address with an existing capport "session", for
    > uninterrupted experience.

...

    > I propose that the capport API permits new IP addresses to be assigned
    > to an existing session, by providing an appropriate token.

Given an approriate HTTP Cookie which is not tied to a particular v6 end
point, then one could call some API, having already authenticated.
So I can see that this could perhaps work.

The downside is that if I pass this cookie around to my friends, then my
friends can get service via me.  Unless the enforcement point enforces L2
addresses, which if it did, then we would have no problem.

I'm not sure if we can require that the new IP address be added from an
address that is already authenticated.  Not only does it mean that my host
has to figure out how to use what might be an expired temporary address, but
it also means that I could add my friends' IPs to my ACL rather easily.
How many can I add?  All 2^64 of them? :-)


--
Michael Richardson <[email protected]>, Sandelman Software Works
 -= IPv6 IoT consulting =-



Attachment: signature.asc
Description: PGP signature