[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Captive-portals] Questions about PvD/API



> 5.1.1.  Associating User Equipment with its URL
>
>    The CAPPORT API Server SHOULD associate an incoming request with a
>    particular User Equipment consistently.  [TODO: specify how this
>    would happen.]
>
> This becomes a pretty important point because it can't be that each DHCP or
> RA is custom formatted for each station with a UE specific URL. It also
> needs to be a MUST if the API is returning information about
> 'bytes_remaining' and such. Or, does the UE self report it's MAC to the
> API/PvD? The service needs some way of associating that API/PvD session with
> the RADIUS accounting stream.

<no chair hat>

This is a very critical question, imho.

No captive portal vendor would want to trust clients to self-identify
their MAC addresses.  And even non-malicious clients might be prone to
introducing errors (say, by presenting the random MAC used during
scanning and not [as a result of a bug] the actual MAC used for the
session).

Given that, it seems the network infrastructure itself must be the
element that adds MAC addresses, or some equivalent token, in
communications with the API endpoint.  Yes?

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature