Erik Kline <ek.i...@gmail.com> wrote:
> One thing I realized that we didn't discuss in 7710bis, and didn't really
> discuss here either, is the issue of devices attached to routers which are
> themselves on the link with the provisioning service.

So, I agree with the thread that the options need to be passed on like DNS. I guess architecturally maybe this needs to be specified.

From an implementation point of view, the router, whether IPv4 NAT44 or IPv6, acts as a layer-2 "NAT", keeping the policy enforcement point from seeing the end device's L2 address. As such, mechanisms that whitelist^Waccept-list the client by L2 address won't work, or will work wrong.

I think that many of us geeks have the experience of throwing our own router onto the hotel LAN, then accepting the Terms using our laptop, and sharing that with our other devices. That accept-lists the router for IPv4, but IPv6 won't work that way. And now temporary addresses used for privacy each get caught.

> The section 2.5 captive portal signal might be able to come to the rescue
> here, but as we don't have such a thing.

> But...maybe that's a separate document?

Our current solution isn't perfect, but it is a significant step forward. Let's worry about this situation later.

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
_______________________________________________
Captive-portals mailing list
Captive-portals@ietf.org
https://www.ietf.org/mailman/listinfo/captive-portals