Internet DRAFT - draft-pfister-capport-pvd
Network Working Group P. Pfister
Internet-Draft Cisco
Intended status: Standards Track T. Pauly
Expires: January 1, 2019 Apple Inc.
June 30, 2018
Using Provisioning Domains for Captive Portal Discovery
draft-pfister-capport-pvd-00
Abstract
Devices that connect to Captive Portals need a way to identify that
the network is restricted and discover a method for opening up
access. This document defines how to use Provisioning Domain
Additional Information to discover a Captive Portal API URI.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current
Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 1, 2019.
Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Pfister & Pauly Expires January 1, 2019 [Page 1]
Internet-Draft Captive Portal PvD June 2018
Table of Contents
1. Introduction
2. Captive Portal URI Option
3. Client Behavior
4. Security Considerations
5. IANA Considerations
6. Acknowledgements
7. References
7.1. Normative References
7.2. Informative References
Authors' Addresses
1. Introduction
The Captive Portal Architecture [I-D.ietf-capport-architecture]
defines the interaction model for how client devices (also referred
to as User Equipment) interact with a network that is restricted and
requires explicit user interaction to allow a device to access the
Internet. The first step of this process involves a Provisioning
Service communicating with the User Equipment to indicate that the
network is captive, and how to get out of captivity. The key piece
of information that the Provisioning Service provides is the URI of a
JSON-based API that allows the User Equipment to interact with the
captive portal. This API is specified in [I-D.ietf-capport-api].
This document defines the mechanism for using Provisioning Domain
(PvD) Additional Information as the Captive Portal Provisioning
Service. A PvD defines a consistent and usable set of network
configurations [RFC7556]. A Captive Network is one example of a PvD
that has unique properties that a device needs to be aware of when
presenting networks to generic applications. Naming specific PvDs
and presenting a set of Additional Information for a PvD is defined
in [I-D.ietf-intarea-provisioning-domains].
2. Captive Portal URI Option
The Additional Information fetched for a PvD is presented as JSON.
This document defines a new key to be used to identify the Captive
Portal API URI. As specified in [I-D.ietf-capport-api], this URI
MUST have an "https" scheme.
JSON Key: captive-api
Description: URI of Captive Portal API
Type: UTF-8 string [RFC3629]
Example: "https://captive.example.com/api"
3. Client Behavior
When a client device that supports PvDs attaches to a network, it will
discover whether there are one or more named PvDs on the network with a
Router Advertisement as specified in
[I-D.ietf-intarea-provisioning-domains].
If the PvD indicates that it has Additional Information, the client
device SHOULD fetch the Additional Information prior to allowing the
PvD to be used for generic network access, in case the network is
restricted or captive. If the Additional Information contains the
"captive-api" key, then the client device can interact with the
Captive Portal API before proceeding with using the network. If the
Additional Information does not contain the "captive-api" key, then
the client SHOULD assume that the network is not captive, and proceed
with using the network.
If the PvD indicates that it has no Additional Information, the
client device SHOULD assume that the network is not captive, and
proceed with using the network.
It is possible that a misconfigured network will provide a named PvD
without explicitly marking the captive option, while still
restricting network access and providing a Captive Portal. In this
case, connections made by the client device may be blocked or
redirected, as occurs in a captive network in which there is no
explicit provisioning.
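The decision procedure of Section 3 combined with the "https" requirement of Section 2, as an added Python example that is not part of the draft. The names Decision, check_captive_api and classify_pvd are hypothetical, and the INVALID outcome (malformed JSON or an unusable "captive-api" value) and the extra URI checks are assumptions, since the draft does not say how a client handles those cases.

```python
import json
from enum import Enum
from urllib.parse import urlsplit


class Decision(Enum):
    NOT_CAPTIVE = "assume not captive, proceed with using the network"
    USE_CAPTIVE_API = "interact with the Captive Portal API first"
    INVALID = "captive-api unusable"  # assumption: the draft is silent here


def check_captive_api(value):
    """Return the URI if it is a usable https URI, else None."""
    if not isinstance(value, str):
        return None
    # Assumption (hardening beyond the draft): no whitespace/control chars.
    if any(c.isspace() or ord(c) < 0x20 for c in value):
        return None
    try:
        parts = urlsplit(value)
    except ValueError:
        return None
    # Section 2: the URI MUST have an "https" scheme.
    if parts.scheme.lower() != "https" or not parts.hostname:
        return None
    # Assumption (hardening beyond the draft): no embedded credentials.
    if parts.username is not None or parts.password is not None:
        return None
    return value


def classify_pvd(has_additional_info, body=None):
    """Apply Section 3 to one PvD; body is the fetched JSON text."""
    if not has_additional_info:
        return Decision.NOT_CAPTIVE, None
    try:
        info = json.loads(body)
    except (TypeError, ValueError):
        return Decision.INVALID, None
    if not isinstance(info, dict):
        return Decision.INVALID, None
    if "captive-api" not in info:
        return Decision.NOT_CAPTIVE, None
    uri = check_captive_api(info["captive-api"])
    return (Decision.USE_CAPTIVE_API, uri) if uri else (Decision.INVALID, None)
```

A NOT_CAPTIVE result only reflects what the network advertised; per Section 4 it says nothing about the safety of the attachment.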
4. Security Considerations
The Captive Portal PvD option is subject to the same security
considerations as any other options provisioned via Router
Advertisements and Explicit Provisioning Domains. This information
should not be used by client devices to trust the safety or security
of a network attachment.
5. IANA Considerations
This document adds a new key to the "Additional Information PvD Keys"
defined in [I-D.ietf-intarea-provisioning-domains]. See Section 2
for the new key definition.
6. Acknowledgements
Thanks to contributions from Eric Vyncke, Mark Townsley, David
Schinazi, and Kyle Larose.
7. References
7.1. Normative References
[I-D.ietf-capport-api]
Pauly, T. and D. Thakore, "Captive Portal API",
draft-ietf-capport-api-00 (work in progress), February 2018.
[I-D.ietf-intarea-provisioning-domains]
Pfister, P., Vyncke, E., Pauly, T., Schinazi, D., and W.
Shao, "Discovering Provisioning Domain Names and Data",
draft-ietf-intarea-provisioning-domains-02 (work in
progress), June 2018.
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November
2003, <https://www.rfc-editor.org/info/rfc3629>.
[RFC7556] Anipko, D., Ed., "Multiple Provisioning Domain
Architecture", RFC 7556, DOI 10.17487/RFC7556, June 2015,
<https://www.rfc-editor.org/info/rfc7556>.
7.2. Informative References
[I-D.ietf-capport-architecture]
Larose, K. and D. Dolson, "CAPPORT Architecture",
draft-ietf-capport-architecture-02 (work in progress), June 2018.
Authors' Addresses
Pierre Pfister
Cisco
11 Rue Camille Desmoulins
Issy-les-Moulineaux 92130
France
Email: pierre.pfister@darou.fr
Tommy Pauly
Apple Inc.
One Apple Park Way
Cupertino, California 95014
United States of America
Email: tpauly@apple.com