Le 08/02/2013 14:48, Michael Richardson a écrit :
"Keith" == Keith Moore <mo...@network-heretics.com>
writes:
For MIF -- not just HE-MIF, but all of MIF -- we should not
declare an interface "up" until such a validation succeeds. It
is unfortunate this is not solved at layer 2, where it arguably
belongs.
Keith> Would it be worthwhile for MIF to start making a list of
Keith> things that really need solutions elsewhere? Even if there
Keith> are hacks or heuristics that are used in the absence of such
Keith> solutions?
Yes.
In the portal case, we need a DHCP "login required" message.
YEs, tool useful.
Or an ARP reply message which could carry same "login required". This
could be sent by the default router to the Client when it presents its
MAC address.
Rather ARP than DHCP because the end effect of the portal authentication
is the opening of a firewall filter which is based on the MAC address.
ARP is at the same level.
It would be nice if we also had a BCP on how to signal and upgrade
From HTTP login to some DHCP EAP, perhaps using a EAP-TLS resume
From the HTTP session state. This would permit captive portals to
recognize re-logins.
Same with ARP...
Alex
_______________________________________________ mif mailing list
mif@ietf.org https://www.ietf.org/mailman/listinfo/mif
_______________________________________________
mif mailing list
mif@ietf.org
https://www.ietf.org/mailman/listinfo/mif
