[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Captive-portals] [Doh] Captive portals (was Re: suggested slides for IETF 104 on draft-reid-doh-operator)



> On Mar 15, 2019, at 5:22 AM, Thomas Peterson <[email protected]> wrote:
> 
> (to those exclusively on the captive-portals list, this email follows on a discussion around a presentation discussing implications of DNS over HTTP in networks where captive portals are present)
> 
> On 15/03/2019 11:26, Martin Thomson wrote:
>> If the OS catches the captive portal, everything works nicely once the captive portal is dealt with.  If the captive portal manages to evade detection...
> 
> As there are numerous folk from browser and OS vendors within this mailing list who implement capture portal detection, would there benefit in authoring an informational document covering capture portal detection methods in the absence of a network's DHCP service not implementing RFC 7710? Such a document may help describe common methods to inform implementers and minimise detection evading capture portals. It may be better placed in the capport WG instead of doh.

Agreed that CAPPORT is a good place for this discussion.

As far as providing a document to describe OS-vendor-specific mitigations, I'm not sure if the benefit would be that large. It may be useful as an appendix in our Captive Portal Architecture document? The problem is that captive portals that want to whitelist OS probes for portals always can some way or another. Captive portals that do want to play nice don't whitelist these probes, and the detection generally works fine.

Thanks,
Tommy
 
> 
> Regards
> 
> _______________________________________________
> Captive-portals mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/captive-portals