On 02/07/2013 12:13 PM, Dan Wing wrote:
The technique used by both Apple and Microsoft is, when joining a new
network, to attempt to retrieve a certain URI. Microsoft's procedure
is described in
http://technet.microsoft.com/en-us/library/cc766017%28v=ws.10%29.aspx,
which queries www.msftncsi.com and needs to see 131.107.255.255 as
the answer, and then does an HTTP GET. If anything is abnormal, it
assumes there is a proxy on the path. Apple does something similar by
attempting to retrieve https://www.apple.com/library/test/success.html.
Unfortunately, this seems the best technique available to detect such
DNS interception and HTTP interception proxies that force a login or
force a click-through.
For MIF -- not just HE-MIF, but all of MIF -- we should not declare an
interface "up" until such a validation succeeds. It is unfortunate
this is not solved at layer 2, where it arguably belongs.
Would it be worthwhile for MIF to start making a list of things that
really need solutions elsewhere? Even if there are hacks or heuristics
that are used in the absence of such solutions?
Keith
_______________________________________________
mif mailing list
mif@ietf.org
https://www.ietf.org/mailman/listinfo/mif
