[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Captive-portals] Signals from the network and ICMP



Martin Thomson <[email protected]> wrote:
    > The form of that signal is next to consider.  We have discussed ICMP
    > DestUnreach with a both new and existing codes.  The feedback in London was
    > that maybe DestUnreach has some downsides and a new message would be
    > better.  A new ICMP message would allow for use prior to the network access
    > being revoked, so it has that in its favour.  Then there are other methods
    > for signaling, such as a UDP packet to a registered port.

Have we considered TCP RST already? (I don't think it's better than ICMP, but
I don't remember it being discussed yet)

It seems like we are perhaps at the point where we need to explicitely
document the risk(s).

The only risk that I'm aware of is that the signal is sent from another party (maliciously).
Are there other risks that I have missed?

    > Until we have that proposal, this signaling channel is a risk.  The
    > solution we have isn't an ideal solution from all perspectives without this
    > signal.  However, I think that we have a substantial number of people (if
    > not consensus) that - even with no signal - what we have is an
    > improvement.  More importantly, that we are not preventing the later
    > addition of a signal.

Agreed.

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works        | network architect  [ 
]     [email protected]  http://www.sandelman.ca/        |   ruby on rails    [ 
	

Attachment: signature.asc
Description: PGP signature