On 5/31/17, 9:07 PM, "Martin Thomson" <martin.thom...@gmail.com> wrote:

    On 1 June 2017 at 08:23, Livingood, Jason <jason_living...@comcast.com> wrote:
    > In any case, this is very much in scope IMO – so agree with others here.
    > With the rise of IoT compromises the need for these sorts of notifications
    > will only rise and will be critical to maintaining the security & integrity
    > of the Internet.
    
    Just trying to understand this.  Jason, can you expand on your
    assertion that insertion of notices in HTTP messages (I assume
    response bodies) is critical to security & integrity?
    
[JL] I am not suggesting that insertion of notices in HTTP messages is the 
method to use (it just happens to be how we do it today). I’m merely confirming 
that others share the same use case specified by the German Federal Office for 
Information Security. FWIW, I presented on this need at the BoF IIRC. The RFC I 
referred to has some info as well, but it is not the best method which is why I 
hope that CAPPORT will provide a better alternative. 

[JL] But let me summarize the malware/hacked IoT device use case. A computing 
device is compromised and being used as part of a DDoS attack (a la the Dyn 
attack) or sending spam or doing keylogging or whatever. One alternative is to 
put them in a walled garden with CAPPORT whereby they have no access from any 
device in the home or, if the network architecture can do it, no access for 
only that specific device (other devices have unfettered access). The CAPPORT 
walled garden page would direct the device(s) or user(s) to a page explaining 
what the malware is and how to remediate, for example. Another alternative is a 
method to direct a device to a page / deliver a message about this malware 
issue without otherwise affecting or constraining their Internet access. In 
this alternative method, the objective is to get a critical security message to 
the user (e.g. Device X has malware Y and needs to be fixed ASAP) while not 
affecting things like gaming, OTT voice, OTT video, etc.

Jason 

_______________________________________________
Captive-portals mailing list
Captive-portals@ietf.org
https://www.ietf.org/mailman/listinfo/captive-portals
