[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Captive-portals] Notes from meeting

Taken on my phone


Privacy : yes cache control
Hmac key : do we need this if we don't have icmp? The icmp... Arch might define its existence but not the mechanics. Defer.
Server auth: rsleevi says no must on OCSP, but maybe whitelist get on OCSP. Should is ok. 
If this fails, the api does not work and we get the existing behavior 
Talk about ux. Tommy suggests that this is a platform choice 
Media type bike shed: use one, editor choice
Urls: Pierre says .wk opens the possibility of probing. Darshak says point to html OR api. PvD isn't a problem, just 7710.


Warren is okay 
How does this relate to pvd? 
No option means no portal. 802.11u has a signal already. Kyle says this is generic. Tommy; the signals we have don't say that there is no block. Can we add pvd to this doc as well. Chairs will follow up.
No conclusion on meaning of the url. Take to list. 


Security is ok
Identity - need to agree on type of id
Enforcement device split considered.Kyle to take that to the list.
Pierre: ue Id doesn't need to be known to the device
Nick :we should be careful about the identifier and how hard it can be. Maybe describe how it might be insulated. 
Pierre: don't specify a specific type of id
Advise against including pii in URIs maybe. 
Pvd cannot give the state. Pvd can't do per user, dynamic, or private 


Tero & Margaret :don't tweak destunreach.
Do we need a new signal?
Tommy can live without a signal. We should be careful not to DoS the api.
Margaret : maybe we can use destunreach to trigger a check of the api.
Lorenzo : anything spoofable cannot be more than a hint. Unsolicited messages are hard to secure. I want to know in advance.
Warren : maybe a talk to me thing. 
Margaret : maybe icmp, maybe not destunreach
Lorenzo to produce some requirements
Chairs will confer, but tentative plan is to capture requirements and await someone making a proposal 

Darshak gave an overview of other network standardization in the area of network authentication
Not in scope
Parallel but not congruent
Can you help us authenticate the ra?
Like a security upgrade for the network, which would need 802 collaboration