►
From YouTube: IETF93-CAPPORT-20150722-1550
Description
CAPPORT meeting session at IETF93
2015/07/22 1550
A
A
A
B
C
B
So
hello,
everyone,
this
is
the
captive
portal
buff
we're
currently
calling
it
cap
for
some
people,
don't
like
the
name.
If
you
can
come
up
with
another
set
of
words
that
make
the
cap
court
acronym,
that
would
be
cool
and
maybe
all
rename
it
otherwise
we're
sticking
a
cap
for
now
I'm
Warren.
This
is
mark.
Do
we
have
somebody
who
is
willing
to
javis
cribe.
B
B
B
B
Sorry,
ok,
so
the
blue
sheets
are
circulating,
keysville
and
blue
sheets.
This
is
the
IETF
note.
Well
by
now
you
should
have
seen
it
many
times.
Please
make
sure
that
you
understand
what
it
means
and
what's
implications
where
you
are.
If
you
do
not
understand
this,
please
speak
to
legal
counsel
and
make
sure
that
you
know
what's
going
on
so
how
many
people
here
were
at
the
captive
portal
barb
off
that
we
had
last
time
in
dallas.
C
B
Dallas,
how
many
people
here
know
what
a
captive
portal
is
or
great
is
anybody
who
does
not
know
what
I
captive
portal
is?
Ok,
let's.
B
Okay.
Well
sorry,.
B
So
sometimes
these
capture
portal
things
actually
work
nicely
on
my
flight
here
I
was
on
a
united
flight
and
it
had
a
captive
portal
and
it
actually
worked,
and
when
that
work
you
know
it
was
actually
really
nice.
It
was
fairly
seamless,
I
tried
to
go
to
IETF
dog,
they
intercepted
my
connection
and
brought
up
this
page,
which
let
me
pay.
They
took
all
of
my
money
and
then
I
got
actually
fairly
bad
intern
access,
but
the
experience
wasn't
too
bad
in
general.
Usually
though
it
doesn't.
B
This
was
a
nipple
effort,
I
really
needed
to
figure
out
where
they
had
moved
my
gay
tube
and
after
a
long
time
this
was
all
I
could
manage
to
get
after
many
other
poking
at
things,
I
managed
to
get
this.
It
appears
that
they
localized
me
and
decided
that
I
spoke
Latin.
Unfortunately,
I
don't
speak
Latin,
you
know.
Well,
maybe.
C
B
Mark
for
long
you-
and
so
this
was
a
ungood
user
experience,
often
when
they
don't
work,
it
makes
other
things
sad.
Presumably
everybody
who
runs
a
Mac
has
seen
the
sort
of
itunes
connected.
I
cannot
connect
to
the
iTunes
Store.
Would
you
like
to
trust
the
certificate
other
things
like
that?
This?
Apparently
it
decided
to
intersect
all
IP
traffic
and
reply
with
HTTP
answers
to
anything.
B
This
did
not
work
out.
Well,
so
why
are
do
we?
Have
these
problems
well
to
portal
needs
to
actually
talk
to
a
user.
This
means
that
they
need
the
user
to
connect
to
them
in
some
way,
and
in
order
to
do
that
at
the
moment
they
need
to
intersect
your
connection.
Almost
all
of
these
look
like
man-in-the-middle
attacks,
largely
because
they
are
basically
man
and
middle
attacks,
maybe
just
without
these
sort
of
malicious
intent.
These
involve
things
like
you
know:
DNS,
hijacks
or
mat
arms
of
HTTP
interception.
B
Things
like
that
IP
interception
they
look
like
man-in-the-middle
attacks,
they're,
basically
indistinguishable.
We've
recently
been
spending
a
lot
of
time
and
effort
trying
to
make
man-in-the-middle
attacks
harder
or
fail.
This
involves
things
like
VPNs
ubiquitous
encryption,
DNS
SEC,
possibly
one
day,
things
like
deprived
as
well.
All
of
these
make
the
captive
portal
interception
problem
much
harder
for
the
capture
portal
people,
but
even
once
they've
managed
to
actually
intercept
the
connection.
It
seems
that
often
interacting
with
the
captive
portal
doesn't
work
all
that.
Well
often,
you
know
this
pops
up
on
your
phone.
B
The
display
doesn't
really
work
very
well
because
it's
a
much
larger
so
screen
that's
being
expected.
Often
internet
internationalization
doesn't
really
work
very
well.
Often,
accessibility
doesn't
really
work
very
well.
Many
people
sort
of
have
a
don't,
have
a
real
web
browser
that
they
talk
to
sort
of
a
Braille
reader.
Things
like
that.
Those
really
don't
work
very
well
with
these
are
capture
portal
interaction,
but
anyway,
after
a
while,
you
know
you
get
through
the
page.
B
You
enter
your
credit
card
information
or
you
just
accept
the
acceptable
use
policy
page
and
then
everything
works
really
nicely
for
three
hours
or
twelve
hours
or,
however
long
you
have
purchased,
and
then
everything
stops
logical
agenda.
They
need
to
the
intersection
again
everything
you've
had
working.
Your
VPN
stops
things
like
that.
Also
often
you
don't
know
if
you've
actually
managed
to
satisfy
the
capture
portal
or
that
there
is
a
captive
portal.
So
here's
a
long
litany
of
things
that
don't
work.
B
So
what
would
we
actually
like
personally
I
would
like
that
when
I
arrived
somewhere
like
a
hotel
and
I
open,
my
laptop
I
get
some
sort
of
interface
that
I
can
easily
interact
with
the
device.
All
of
my
applications
don't
go
up
in
the
background
and
try
and
initiate
connections
and
then
fail.
B
B
Some
people
have
tried
to
defeat
the
probing
for
various
reasons:
we'd
like
away
for
the
capture
portal
or
the
network,
or
something
to
be
able
to
say
by
the
way,
you're
behind
a
capture
photo,
do
not
try
and
initiate
new
connections.
You
know,
do
not
try
and
go
anywhere
until
you
have
satisfied
me.
We're
also,
then,
like
I
think
a
way
for
us
to
actually
interact
with
the
capture
portal.
B
Possibly
if
you
have
something
like
a
phone
a
way
you
know-
and
this
would
be
at
the
captive
portal
operator-
decides
if
this
is
attractive
to
them,
a
way
for
your
phone
or
your
device
to
say
you're
behind
a
captive
portal,
a
standard
UI
that
says
you
could
choose
this
much
time
or
Eric.
You
have
a
terrifying.
A
I
was
wondering
if
I
can
insert
an
adverb
protocol
to
interact
securely
with
the
CP.
Yes,
thank
you
as
I.
You
know
this
will
inevitably
involve
putting
in
a
credit
card
somewhere
right,
yeah.
B
Yeah
that,
yes
to
attract
security
with
the
CP,
so
you
know
possibly
some
way
that
your
device
can
actually
know
how
what
how
much
you
need
to
pay
or
what
you
need
to
do
in
order
to
satisfy
the
capture
portal,
then
some
way
for
you
to
figure
out
what
the
status
is.
It
would
be
nice
if
your
device
could
say
you
purchase
12
hours
of
internet
access.
You
only
have
five
minutes
left.
Would
you
like
to
pay
more
and
get
an
additional
thing?
B
Not
have
you
know
everything
grind
to
a
halt,
possibly,
but
this
is
sort
of
a
longer-term
goal,
a
way
for
fully
automated
way
for
a
device
to
connect.
So
if
it
sort
of
in
a
device
that
doesn't
have
a
screen
through
Internet
of
Things
new
buzzword,
I'm
a
way
for
it
to
be
able
to
interact
with
the
captive
portal
with
no
human
intervention.
B
Possibly
also
something
where,
if
we
had
a
secure
way
to
be
able
to
talk
to
these
things
and
it
was
on
a
mobile
device-
maybe
you
know
if
it's
your
iPhone,
it
could
use.
Apple
pay
or
an
Android
device
may
be
served
google
wallet,
so
you
don't
need
to
enter
your
love.
Your
credit
card
info
and
Wes.
Just
a
quick
question.
A
A
B
A
Aaron
falk
just
sort
of
picking
up
on
the
secure
point
that
I'd
hate
to
see
an
outcome
that
allowed
some
third
party
to
claim.
It
was
a
captive
portal
and
collect
my
credit
card
information
and
and
have
me
just
wait
until
it
said
everything's.
Okay,
yes,.
A
A
B
Yeah,
so
one
of
the
things
that
we're
hoping
is
that
we
can
make
this
attractive
enough.
You
know
the
interaction
was
simple
enough
that
people
were
more
likely
to
actually
pay
for
their
internet
access.
You
know
that
it
would
be
sort
of
a
one
click
button,
and
maybe
people
would
do
it,
which
would
remove
some
of
the
reason.
It
seems
that
people
are
just
sort
of
allowing
this
well
I.
B
C
Had
to
interject
there
I
don't
believe
in
Hope
based
standards,
efforts,
yeah
and.
A
So
so
I
think
along
those
lines
we
come
up
with
solutions
for
a
lot
of
these
and
the
captive
portal.
Vendors
had
not
deployed
them
and
so
I
think.
What
we
need
to
understand
perch
is
what
is
their
motivation
for
not
using
the
things
that
exist?
Why
is
why
is
the
current
broken
state
better
than
anything,
anyone
has
proposed
in
their
odds,
and
we
may
not
have
the
people
in
the
room
answer
that
right
and.
C
I
have
to
say,
I
violently
agree
with
Mike.
We
looked
at
this
in
a
various
number
of
ways
in
the
HTTP
working
group
and
I
posted
a
link
to
a
wiki
page.
We
collected
information
at
that
has
a
lot
of
the
different,
not
well,
but
some
of
the
different
aspects
of
why
this
is
not
a
simple
problem.
We
also
looked
at
it
submitted
III
ctags
same
thing.
You
know
it
and
what
I'm
coming
to
I
was
talking
about
hope.
B
A
The
previous
Bob
up
so
I
may
be
repeating
what
I
said
before
in
in
the
university
world,
because
we
use
edgy,
Roman,
82,
dot1x
and
I
was
one
of
the
people
that
started
that.
What
it
worries
me
here
is
that
capture
portal,
for
all
its
sins
is
something
that's
simple.
Are
we
in
danger,
here
of
essentially
doing
a
digital
one
extra
light
in
some
form
of
by
going
through
and
developing
this
verb?
The.
C
Person
I
did
it
again
personally,
I
feel
like
there
is
a
place
for
a
standard,
because
there's
such
variance
in
how
individual
kept
of
portals
in
hotels
and
airports
and
places
work
and
we'll
well,
we
have
hot
spot
to
dodo
and
other
things
they
tend
to
be
more
for
very
large
scale
federated.
You
know
not
at
the
scale
of
my
corner,
coffee
shop,
where
I
live
and
so
I
think
there's
a
hole
in
the
market.
C
A
So
we
can,
like
the
Apple
captive
portal
network
assistant,
actually
get
tools
that
we
can
fire
up
web
pages
right
on
our
desktop
without
app
next
should
connect
the
AP,
see
the
302
and
get
the
in
a
captive
state,
so
yeah
I
think
we
could
get
them
to
open
up,
maybe
documentation
on
how
to
design
for
cuz,
sometimes
I.
Remember
early
early
releases
like
JavaScript
was
disabled.
Cookies
are
disabled,
obviously
for
security
stuff,
but
you
know
I
think
if
we
can
get
some
cooperation
that
could
help
us
develop
better,
better
stuff
and.
B
Some
of
this
also
might
just
be
a
place
where
you
know
people
get
together
and
talk.
Not
actually,
you
know
just
getting
the
document
done,
but
hopefully
you
know
capture
photo
operators
and
vendors,
and
maybe
people
who
end
up
deploying
these
etc
can
also
through
have
those
terms
of
discussions,
but
now
I.
A
Yeah,
so
there
we
scroll
or
two
things.
First
I
mean
how
this
particular
stark
white
Mike
just
said
about
how
you
know
the
operating
systems
have
mechanisms
protecting
character
portals.
They
got
to
put
them
that
manufacturers
explicitly
disabled
those
I
mean
you
know
it.
There's
really
no
I
mean
I
mean
it's
one
thing
to
say
that
we
gotta
get
them
to
clot.
We
got
to
get
the
do
something
right.
A
We
gotta
get
them
like
change
or
change
their
code,
but
if
they're
actually
changing
their
code
to
avoid
affecting
them,
there's
really
not
much
room
for
like
forward
progress
and
no
matter
how
cool
is
that
it
is
so
I
guess,
I
want
to
echo
Mars
question
and.
A
A
C
C
C
C
Actually
we're
not
just
work
at
a
company
that
has
a
captive
portal.
I
mean
you're
on
the
team
that
has
some
ownership
with
a
captive
portal,
product,
hands
nice
and
high.
Please
real
high
okay,
one,
two
three,
four
five,
six
seven
I
know
it's:
okay,
there's
no
stigma
so
yeah.
Thank
you
for
coming.
So
I
have.
C
So
let's
say
on
the
order
of
10
ish
people
I.
I
we
want
to
ask
you
questions
in
a
friendly
non-confrontational
way.
If
you
don't
want
to
state
your
name
with
the
mic,
that's
totally
cool,
so
that
tenish,
who
here
works
on
an
implementation
that
attempts
to
handle
a
captive
portal
ie
in
an
operating
system
and
I,
don't
mean
you
work
at
one
of
those
companies.
I
mean
you
work
on
that
code.
C
C
Well
and
honestly,
if
the
outcome
of
this
is
that
we
give
those
vendors,
you
know,
are
both
sides
of
protected
room
to
go
away
and
talk
amongst
each
other
document,
what
they
currently
do
and
figure
out.
You
know
what
next
steps
might
be.
That's
an
incredibly
positive
thing.
I
would
much,
rather
than
do
that
and
have
a
lot
of
uninformed,
throw
up
people
for
IDs
at
them
and
chase
them
out
of
the
room.
So
that's
really
interesting
information.
He'll.
C
A
A
A
B
It
goes
in
that
direction.
I
think
then
we
have
some.
You
know
hope
that
this
will
actually
see
a
day
in
life.
You
know,
okay,
so
can
I.
Can
I
interruptin
quickly
get
through
this
one
little
slide
and
then
so
I've
spoken
to
a
number
of
people
who
run
capture,
photos
and
ask
them.
You
know:
why
do
you
do
things
like
great
pin
hole
for
the
app
for
the
Apple
captive
portal
chest
and
the
and
apparently
a
fair
bit
of
it
is
eyeballs
are
important.
B
They
would
like
to
be
able
to
display
ads
in
a
full-featured
browser.
They
would
like
to
be
able
to
have
people
interact.
You
know
in
many
cases
the
way
you
get
access
is
you
do
things
like
log
on
to
facebook
and
like
them,
that
is
go
sort
of
overcoming
that
is
going
to
be
one
of
the
issues
with
incentives
and
order
to
get
people
to
buy
it.
This.
C
B
We're
hoping
is
will
be
able
to
create
enough
incentive
by
making
the
user
experience
seamless
that
people
will
actually
complete
the
captive
portal
thing
will
actually
pay
them
their
dollar
or
whatever,
to
get
in
that
access
that
that
is
more
value
to
put
more
valuable
than
the
eyeballs.
This
might
be
a
mistake
that
might
not
work
but
might
go
to
try
and
erica's.
Oh
yeah,.
A
Here
in
claim,
so
I
wanted
to
say
that
to
two
or
three
points
made
earlier,
I
think
the
same
same
payment,
even
if
we
don't
get
a
standard
for
captive
portal
behavior
or
changes
to
catch
it
before
the
portal
behavior
some
documentation
of
what
the
operating
system
people
do
and
how
they
do
it
in
recommendations
for
handling
this
sort
of
thing
could
be
useful.
Android
has
some
things
that
are
handy
in
this
regard.
A
One
girl
singer,
yes,
actually
I,
want
to
take
it
a
little
further.
I
think
the
fact
that
we
saw
racing
pants
it's
very
interesting
and
seems
to
me
that
something
that
we
need
is
to
educate
each
other,
because
we
have
very
strong
views
on
why
we
want
it,
and
you
just
gave
a
few
examples
that
we
keep
thinking
about
the
Wi-Fi
pain
use
case
or
the
restaurant.
But
there
are
some
cases
where
there's
a
policy
where
you
have
to
comply
to
just
getting
the
network
or
thurs.
A
You
are
in
a
company
and
you're
a
visitor,
and
you
have
to
say
that
you
will
abide
by
ABCD
and
there's
no
payment
this.
It's
just
that
you
have
to
sign
so
that
you
can
get
in
and
I
think
that
it
will
be
very
useful
to
have
those
use
cases
documented
in
same
way.
Some
proposed
answer
to
those
who
use
cases
to
people
that
have
issues
and
then
have
both
sides
read
each
other
and
it's
like.
A
Oh
so
it
seems
like
oh
and
then
I
think
that
will
be
a
good
set
of
documents
to
start
I.
Don't
think
that
maybe
we
don't
have
to
make
it
in
the
same
document
may
be
dude
set
of
documents
or
whatever
that
the
fact
that
we
can
educate
each
other
I
think
will
be
very
helpful
to
just
throw
the
next
step
and
say:
is
there
a
standardized
way
to
solve
all.
C
A
A
It
occurs
to
me
that
this
that
I
see
this
is
being
very
similar
to
a
different
story
that
I'm
going
to
summarize
that
I
hope
you'll
see
the
relationship
to
once
upon
a
time.
The
IETF
did
not
admit
that
there
was
such
a
thing
as
nap,
and
so
the
ietf
did
not
standardizing
thing,
and
so
what
happened?
As
you
had
lots
of
vendors
that
went
off
and
do
things
at
the
IDF
didn't
admit
they
did
it
in
lots
of
different
ways
and
then,
finally,
one
day,
diet
ETF
got
around
a
saying
boom.
A
There's
a
problem
here,
and
it
showed
up
two
pictures
similar
to
Warren,
slides
about
all
the
problems
here
and
so
then
the
IHF
to
said
gee.
Maybe
we
should
go
up
and
create
a
working
group
and
that
working
in
a
bunch
of
work
and
document
what
common
practice
was
in
order
to
make
the
to
say
here's
the
least,
harmful
way
of
doing
things,
given
that
we
know
that
you're
going
to
do
it
and
then
the
IETF
pretty
much
finished
that
then
it
went
on
to
create
saying
well
now
we
need
a
mechanism.
A
B
A
So
we
created
a
working
group
to
do
that
and
that's
kind
of
where
the
script
ends
so
far.
Okay,
the
rest
of
the
script
is,
of
course,
if
that
would
get
implemented
to.
But
the
point
is
that
we
had
people
from
both
the
vendors
of
those
middle
boxes
and
the
people
from
the
OS
is
working
together,
because
the
problems
that
were
unmentioned
our
problems,
we
actually
have
a
common
interest
in
solving
right,
and
so
how
do
I
get
them
to
work
together?
A
A
In
that
case
and
I
hope,
we
can
follow
a
similar
script
here
and
make
progress,
because
I
think
we
have
common
interests
and
I
would
love
to
get
to
a
case
where,
from
the
operating
system
side
where
we
can
get
the
cap,
that
people
paid
and
get
the
users
on
there
and
not
have
all
the
problems,
because
what
you
described
before
and
I
completely
agree
your
slides.
This
is
a
problem.
It
needs
to
be
solved,
we've
done
it
once
before
them.
In
that
case
and
I
hope
we
can
do
it.
A
A
When
you
say,
hey,
I
balls,
I
important
message
cube
one
that
message
in
front
of
full
fledge
browser,
presumably
with
a
nice
flash
video
of
the
beer
flowing
on
your
bar
and
things
like
that,
and
that's
exactly
what
you
would
find
in
a
fishing
web
page.
That's
tries
to
deposit
a
virus
in
your
computer
and
so
I.
I
wish
that,
in
whatever
shorter
we
have,
we
have
that
particular
security
requests
well
stated.
A
A
That's
a
bad
thing
and
I'm
saying
maybe
there's
a
middle
ground
just
like
the
found
middle
ground.
In
that
case,
it
may
have
started
of
saying
yes,
some
of
those
same
issues
may
have
come
up
or
equivalent
issues
may
have
come
up
initially,
but
that
long-term
goal
was
not
to
do
that.
The
long-term
goal
was
to
get
a
good
experience
and
get
paid,
and
so
on,
I'm
again,
for
it.
C
Does
bring
up
an
interesting
point,
though,
that
you
know,
inevitably
some
of
the
discussion
might
cover
what
the
quality
of
the
thing
you
get
once
you
get
through.
The
portal
is
I
know
that
sometimes
people
in
the
research
we
did
people
blocked
the
capital
proton
detection
in
the
operating
systems,
because
it
wasn't
actually
to
get
internet
access.
It
was
a
closed
network
or
a
partially
closed,
Network
and
I.
Think
there's
some
interesting
states
there
to
explore.
A
C
A
I
was
distracted
from
my
when
I
the
point.
I
got
it
hurt
by
the
conversation
just
going
on
so
I
I
guess
I
had
22
comments.
One
is
that
I
think
you're
point
that
you
just
made
their
mark
is
important.
There
are
different
different
levels
of
access.
The
captive
portals
really
want,
and
some
want
to,
of
course,
put
a
lot
of
things
in
the
way
for
you
to
have
to
go
through
before
you
can
get
there
on.
The
other
piece
is:
if
we
look
at
you
know,
we
at
the
ITF
are
graded.
A
Creating
protocols
were
less
great
at
getting
those
actually
out
there
deployed,
and
while
that
keeps
on
us
employed,
that's
not
really
what
we
want
to
see.
We
want
to
see
these
things
out
there.
I
would
point,
I
guess
my
question
would
be
I'm
not
seeing
that
we
have
people
here
who
are
involved
with
this,
but
I
also
recall
some
insane
conversations
there
and
I
guess
a
question
I
would
say
is:
do
we
have
any
understanding
of
the
industry
of
the
captive
portal
industry
and
of
the
people
who
are
the
players
in
it?
A
It
due
in
court
already
saying:
no:
oh,
that's,
okay,
I!
Guess,
here's
my
point:
if
we
look
at
how
well
RTC
web
or
web
RTC
or
a
party,
let
WebRTC,
whichever
one
in
which
to
call
it
hey
all
of
those
things.
Yes
exactly.
If
we
look
at
that,
I
mean
a
large
part
of
the
success
that
has
happened
with.
That
is
because
we've
had
two
of
the
largest
players
in
that
space
very
actively
involved
and
implementing
it
as
it
goes
along.
So
I
guess
to
your
last
point
about
getting
vendor
involvement.
A
I
guess
I
would
ask
the
question
to
all
of
us
here.
Is,
you
know,
are
there
ones
you
know
that
are
doing
this?
Do
a
lot
of
the
hotels
seem
to
when
I
go
around
them?
A
lot
of
them
seem
to
outsource
their
captive
portals.
To
you
know
a
certain
subset
of
companies
and
so
I
we
throw
out
a
question
might
be
to
see
if
we
can
identify
some
of
those
and
see
if
we
can
get
them
involved
with
in
the
effort
we
come
up
with
right.
C
B
So
one
thing
sort
of
follow
on
from
that.
One
of
the
folk
who
works
at
google
also
works
on
a
apparently
the
largest
open
source
capture
photo
implementation,
which
then
gets
baked
into
you,
know
a
bunch
of
home
CVE
and
gets
used
in
a
bunch
of
small,
so
small
deployments
of
seat
of
captive
photos,
and
so
we
at
least
have
that
person
who
is
interested
in
participating.
A
Well,
our
company
has
one:
that's
I,
don't
actually
work
on
it,
but
they
are
bad
and
I
think
they're
bad
because
they
they
seem
to
their.
They
give
an
attack
vector
of
an
open
web
page
that
is
rarely
patched
and
and
and
it's
it's
just
an
invitation
for
bad
things
to
happen,
and
they
promote
some
of
the
worst
user.
Behavior
Christian
touched
on
that,
but
also
the
habit
of
clicking
the
idiot
box.
A
That
says,
trust
this
untrusted
certificate
and
if
captive
portals
are
trying
to
be
elusive
and
get
around
operating
systems
that
are
trying
to
work
with
them,
then
maybe
we
could
just
declare
war
and
the
operating
systems
could
do
some
put
something
like
IP
/
DNS
into
their
into
their
product
or
make
it
easy
to
change.
Mac
addresses
and
basically
just
steal,
steal
their
their.
A
Successful
effort
would
look
like
because
I
heard,
for
instance,
well
there's
some
people
with
conflicts
of
interest
and
they
might
not
participate
in
this,
and
you
know
like
if
we're.
A
Out
all
stupid
captive
portals
everywhere,
I'm
pretty
sure
we
can
go
home,
so
there's
got
to
be
somewhere
short
of
that
that
we
want.
So
what.
A
C
A
A
Have
better
suggestions
than
this,
however,
so
I
would
like
this
to
get
better,
but
maybe
we
need
to
narrow.
A
Every
squad
so
I
do
think
we're
going.
B
A
Need
to
hear
from
some
people
make
these
things
I'm
a
throw
like
that
behind
me
on,
but
I
think
they've
had
a
good
point
here
if
we
can
find,
but
if
you
can
find
some
things
that
are
bachelors
users
and
bad
if
I,
captive
or
no
vendors
like
you,
cooperate
them
and
maybe
as
a
place
to
start
and
I.
A
Think
they're
obvious
places
to
start
like
you
know,
don't
block
up,
you
know,
don't
intercept
channels,
cash
ins
and
don't
intercept
things
are
on
port
80
and
those
aren't
doing
anybody
any
good
there,
you're
chained
to
the
user
on
and
YouTube.
Is
it
like?
It's
not
like
you're,
not
like
when
the
guy
can
expend
420
on
port
on
you
know
on
on
smtp,
or
you
know,
I
map
there
like
stuff
messages
down
at
BL
q.
A
It
says
it
says:
wedding
log
in
my
captive
portal,
so
I
mean
you're,
just
growing
new
calendar
entries
I'm,
just
great
just
screwing
up
this
connection,
so
I'm,
saying
I'm,
saying
what
I'm
saying
don't
know
mother
left
right
on
so
I
mean
son.
Thank
you
anything
anything.
It
has
the
property
that
we're
trying
to
like
make
the
user
get
stuff
for
free,
the.
A
Think
is
secure
and
implementable
and
whatever
supporting
docs
are
required
to
make
it
work,
I
think
bad
actor
captive
portal
implementers
are
out
of
scope.
Second,
one
is
from
Michael
Richardson.
Success,
for
me
is
having
a
taxonomy
of
captive
portal
techniques,
a
security
considerations
for
each
method.
That
would
be
enough
for
now,
because,
if
that's
as
far
as
we
get
and
we
can
apply
the
N
Harkins
method.
A
Hi
Dave
Wilson,
who
likes
free,
Wi-Fi.
Okay,
do
you
wonder
why
these
companies
provide
free,
Wi-Fi
right?
There's
some
quid
pro
quo
here
you
know,
there's
maybe
starbucks
is
to
get
you
to
come
to
starbucks.
You
know.
Maybe
they
don't
they
don't
really
have
an
incentive.
Put
you
in
front
of
a
portal
and
also,
I
don't
think
it's
constructive
to
talk
about
the
quality
of
what's
presented
to
you,
because
we
don't
try
to
make
rules
about
whether
people
should
be
allowed
to
have
bad
websites
or
good
websites.
A
You
know,
there's
really
bad
websites
out
there
that
are
full
of
advertising
and
full
of
useless
information.
You
know
we
don't
try
to
legislate
that
they
shouldn't
lose
it
right.
So
I
don't
think
it's
useful
to
talk
about
the
quality
of
the
pages
or
the
length
of
the
video
or
how
many
ads
there
are
anything
like
that.
I
think
we
have
to
recognize
that.
A
A
You
know
no
trying
not
to
have
to
guess
about
what
the
operating
system
is
doing
to
detect
whether
they're
trying
to
get
a
pearl
or
not
and
trying
not.
You
know
if
those
if
it
was
this
is
what
the
operating
system
is
going
to
do,
and
this
is
what
you
do
if
you
want
to
tell
the
operating
system.
There's
a
portal
I
think
that
would
be
really
useful.
A
A
C
A
That
the
next
the
next
I
guess
captive
portal
invitation
is
going
to
be
hotspot,
2.0
and
I,
and
no
matter
which
way
you
look
at
it.
You
still
have
to
login
somehow
provide
potentials
to
get
the
configuration
I
think
if
we
can
maybe
define
a
user
experience
for
that.
That
could
work
in
a
captive
portal
state,
that's
user,
friendly
and
kind
of
explains.
What's
going
on
with
the
operating
system
and
palettes
and
how
it's
being
managed,
I
think
idea
an
interesting
path
to
go.
B
So
let
me
insert
myself
OT
what
I
had
thought
of
would
work
out
nicely
for
success?
Is
I
arrived
somewhere
and
I
arrived
with
my
phone,
and
the
network
tells
my
phone
you're
behind
a
captive
portal
and
then
potentially,
the
phone
has
a
standardized
you
I
provided
by
my
cell
phone
vendor
that
looks
the
same
across
all
lasers
and
it
provides
me
a
little
menu
that
says
this
match
for
this
and.
B
I
understand
that
that
only
fits
in
some
set
of
capture
portal
desires
are
those
who
would
like
money
in
exchange
for
your
time.
It
does
not
solve
the
ones
or
sort
of
would
like
eyeballs,
so
it
only
fits
a
certain
set
of
use
cases,
but
that
was
my
sort
of
I
arrived.
I
can
imagine,
I
get
internets
I
give
them
so
many
life
goes
on
and
that
was
sort
of
my
ideal
outcome
and
now
there's
a
really
long
line
so
I
should
shut
up.
B
A
I'm
sorry,
hi,
clémence,
shotgun
I
have
two
comments
here.
One
we
should
not
only
think
about
payment
methods,
it
is.
It
has
become
a
legal
problem
in
many
countries
that,
even
if
you're
totally
willing
to
provide
free
internets
to
everyone
who
comes
by
for
some
legal
reason,
you
have
to
instruct
them
first
not
to
do
anything
bad
in
to
agree
to
these
terms.
So
there's
something
that
we
need
to
consider
there
as
well
beside
fireman,
and
the
second
thing
is
I
think
when
you're
asking
about
how?
How
can.
A
Network
side
says:
why
should
be
implemented?
There
is
no
devices
doing
that
device.
Guy
says:
why
should
we
believe
it
there's
no
network
that
does
that
when
I
look
around
in
this
room,
I
see
like
people
responsible
for
for
that
shy
of
100
percent
of
mobile
network
devices.
If
we,
if
we
only
be
on
a.
A
A
A
A
With
respect
to
the
y
portal
makers,
so
they're
making
money
was
11
ways
incited
advertising
eyeballs.
I
think
there
is
much
more
to
that.
Ok,
they
that's
not
the
only
reason
so
k
they
should
be
cited,
but
it's
not
the
only
reason.
Sometimes
the
port
omegas
want
to
be
make
sure
to
make
sure
they
have
in
front
of
them
a
person
that
is
responsibility
using
the
internet
and
just
click
on
something
I
accept
the
conditions
of
use
it.
A
So
sometimes
they
just
want
your
age
so
that
they
have
statistics
on
on
the
age
of
the
people
who
use
internet
in
that
particular
place
and
which
brings
in
a
privacy
question
that
could
be
solved
as
as
a
at
at
a
regulatory
level.
I
mean
this
is
probably
little
appreciated
to
to
be
said
here
in
this
context,
but
sometimes
with
the
privacy
of
cookies.
This
was
a
problem
that
was
solved
that
the
legislation
level
now
you
have
in
Europe
all
these
websites
that
are
mandated
to
tell
you
this
site
uses
cookies.
A
So
you
must
agree
on
them
if
the
legislation
also
mandates
this
captive
portal
to
tell
the
users
that
you
are
behind
the
captive
total,
then
that
could
also
be
a
solution
from
that
comes
from
upper
legislation
on
from
ITF
and
finally,
my
comment:
we'd
expect
to
the
user
interface
whether
that
user
interface
is
a
standard
user
interface
for
several
operating
system.
It
still
requires
the
end
user
to
fill
in
forms,
and
this
is
something
that
may
be
acceptable
and
may
be
successful
for
some
devices
like
laptops
like
PDAs.
A
It
is
not
acceptable
for
devices
that
don't
have
user
interfaces
and
I
name
in
particular
I
name
vehicles
on
this,
but
there
are
more
than
just
vehicles.
We
have
many
devices
that
want
to
connect
to
these
captive
portals
and
that
want
to
be
easily
accessing
the
internet,
even
though
they
accept
the
conditions
of
music.
So
automated
it
was
some
summer
in
the
in
the
first
sites.
The
automated
yeah
allow
automation
honestly,
and
there
are
already
you
have
not
cited-
that
the
open-source
efforts
trying
to
do
this
automated
connection
through
captive
posters,
okay
inference.
A
C
A
A
A
In
the
middle
we
used
to
have
captive
bottles
at
the
edge
proposed
have
essentially
been
banned,
and,
having
said
that,
as
the
systems
evolved
at
the
universities,
if
we
have
guests
who
are
not
from
an
edge
your
own
site,
we
do
typically
university
17
at
the
cloud
or
another
captive
portal
service
for
our
guests.
So
this
is
actually
very
important
to
us
as
well.
A
At
universities
were
not
ignoring
us
up,
as
you
have
hedge
row,
that's
an
important
thing
and
I
think
the
edge
your
own
community
will
be
very
interested
in
helping
this,
because
we've
evolved
certain
practices
and
so
on.
Common
standards
for
the
types
of
services
and
protocols
you're
guaranteed
to
get
to
once.
You've
authenticated
on
JJ
jareau.
That
type
of
thing
so
I
think
that's
helpful.
The
other
thing
that
is
obvious,
then,
is
you
probably
have
at
least
two
ssids
I.
Think
one
of
the
things
to
notice
when
you
are
in
it
a
place.
A
You've
got
to
pick
between
all
these
societies,
it'd
be
kind
of
nice.
If
this
was
built
with
it
in
mind
that
your
device
could
talk
to
all
those
SS
IDs
and
essentially
broken
you,
the
best
internet
connection,
you
can
get,
rather
than
just
you
having
to
select
them
one
by
one
and
discovering
what's
behind
there.
So
maybe
thinking
about
that
might
be
interesting
too.
So.
C
One
of
my
concerns
is:
is
that
if
we
try
and
make
this
the
all-singing,
all-dancing
captive
portal
mechanism,
we
very
well
may
fail
and
then
so
I
think
one
of
the
things
I'd
like
to
hear
discussed
is
you
know:
do
we
do
small
things
that
are
a
medial
and
just
trying
and
either
document?
What's
current
practice?
Oh-
and
maybe
you
know,
hit
the
eighty
percent
use
case
or
even
the
sixty
percent
use
case
versus
doing
the
whole
enchilada.
We
have
some
of
the
bag
like
sugar,
the
bed.
A
A
Cisco
captain
Porter
problem
is
also
relevant
to
enterprise
firewalls,
where
the
same
various
cases
well-
enterprise
firewalls,
to
use
capital
portals
to
enforce
identity
based
policy.
So
it's
not
just
a
problem
for
a
force
of
coffee
shops,
but
we.
B
A
A
I
mean,
certainly
it's
possible
to
do,
but
it
was
just
not
an
acceptable
solution
to
work
on
the
best.
The
variety
of
platforms
that
we
need
to
be
on
and
the
different
goals
of
captive
portal
users
and
providers
that
they
wanted
information
from
people
they
wanted
to
give
customized
information
about
the
venue.
They
wanted
you
to
see
something
when
it
came
up
and
to
to
try
and
come
up
with
what
would
satisfy
them
all
it
just
wasn't
possible.
So
it's
a
data
point
for
you.
A
A
Think
I
see
a
disconnect
between
the
two
one
is
making
a
current
broken
captive
portals
that
work
and
the
other
is
going
to
automated
logins,
which
really
hot
spot
to
total
pass
point
eduroam
using
a
tattoo
dot1x
with
eight
methods,
kind
of
gets
you
to
so
I
think
you
need
to
decide
which
one
you
want
to
do
and
I
would
put
up
a
vote
for
how
can
we
advance
progress
of
automated
logins?
You
know
a
jerome
is
a
great
example.
A
I'm
not
saying
that
it's
that
this
emphasis
is
going
to
totally
get
rid
of
captive
portals.
There
are
times
when
you're
still
need
to
use
them,
or
you
know
they're
out
there
on
other
ways
to
actually
further
minimize
the
use
of
captive
portals
and
move
more
to
automated
logins.
You
know
there
is
some
progress
in
deploying
hot
spot
to
that,
oh
and
operator
environments,
but
it's
taken
a
while
to
roll
out.
A
As
you
know,
operators
of
course
are
very
slow
and
deploying
things,
but
once
you
know
you
can
get
faster
or
more
convenient
automated
logins
using
oh.
This
is
probably
not
the
right
word,
but
federated
credentials
we're
using.
Maybe
your
facebook
credential,
you
know,
google
crunch
or
whatever.
Now
people
are
starting
to
look
at
how
to
do
that,
and
so
to
make
the
automated
logins
come
sooner
rather
than
later.
I
think
if
this
group
is
form,
should
be
a
focus.
A
So
I'll
I'm
relaying
for
a
couple
of
people,
Dan
York
relaying
for
Ted
who
says
Ted
lemon.
Yes,
it
says
I,
don't
think
we
want
to
compete
with
Eddie
Rome
I
want
the
CP
in
the
local
hospital
work
to
work
right.
Automated
logins
are
for
big
operator
networks,
not
small,
CP,
setups
and
earlier
he
also
said
well,
no
I,
guess
it's
sort
of
a
combined
into
that
one.
A
Ok,
so
that
was
Ted's
comment
there
I
guess
I
would
taking
off
the
jabber
chat
hat
on
my
own
sake,
I
think
to
the
points
that
have
been
said
about
I
think
we
have
to
recognize
captive
portals
are
here
when
you
know
as
much
as
many
of
us
would
like
to
jump
on
me.
You
know
just
do
something
else
and
they
will
do
it
they're
going
to
do
it.
You
know
it
captive
portals
are
here
and
learn
as
much
as
you
may
have
that
nice
picture
things.
A
I
agree
with
the
speaker
who
is
here
before,
but
the
other
part
is
a
lot
of
those
captive
portals,
have
a
focus
around
mamu
mamu
mark
15
and
that's
what
they
want,
and
so
they
don't
want
to
give
a
standardized
view.
They
want
to
give
a
view
that
is
unique
to
their
play
it
as
their
pictures
and
their
things,
and
they
want
to
capture
all
your
data.
A
So
they
don't
want
automated
logins
because
they
want
to
get
your
stuff
so
that
they
can
go
and
start
sending
you
email
newsletters
about
their
cats,
videos
or
whatever
they
want
to
do
so
and
that's
their
point
is
to
get
that
data
from
you
in
many
of
the
commercials.
Now
I
wanted
to
make
the
point
that
Tim
made
and
others
made
to
that
there
are
a
lot
of
benign
I,
mean
good
uses.
You
know
corporate
guests
networks
a
lot
of
other
places
where
there
are
good
uses
of
captive
portal.
A
So
we
have
to
be
careful
the
language
that
we're
using
on
that
I.
Think,
though,
the
other
the
person
who
is
sitting
up
here
said
if
we've
got
a
significant,
significant
number
of
people
here
from
both
sides
who
want
to
want
to
participate
in
this,
there
certainly
is
if
we
can
come
to
an
agreeable
solution
that
can
be
deployed
by
folks
into
your
point
mark
not
at
the
big
giant
that
you've
got
to
come
up
with
what
is
the
smallest
set
of
solutions
that
goes
and
solve.
A
C
A
Okay,
yeah
no
runs
a
clear
d,
so
I
kind
of
like
for
your
Wi-Fi,
but
what
I
like
is
internet
access.
So
one
of
the
things
that
really
really
irritates
me
about
all
the
stuff
is
that
I
have
a
perfectly
working
LTE
connection
right,
I
want
to
use
your
captive
portal,
I
really
do,
but
while
I'm
signing
in
I
don't
want
all
of
my
stuff
to
stop
working
I,
don't
want
my
I.
Don't
want
my
voice
cold
or
stop
working
I.
A
Don't
want
all
this
such
that
when
I
come
back
and
within
range
of
starbucks,
my
phone
says
AG.
This
is
an
open
Internet
network.
I'm
going
to
drop
your
phone
call,
isolate
you
from
your
email
and
cut
you
off
from
the
internet.
You
know,
and
I
think
that's
the
reason
why
a
lot
of
operating
systems
have
these
checks,
and
so
hopefully
we
can
find
a
common
ground
there.
Another
point
I
wanted
to
make
and
so
ran
over.
Another
point
I
wanted
to
make
is
to
agree
with
a
lot
of
the
earlier
comments.
A
I
think
captive
portal
is
too
generic
term.
It's
not
it's
not
a
generic.
It's
not
too
generous.
It's
not
useful,
I.
Think,
echoing
an
earlier
comment.
We
do
need
a
taxonomy
of
this
stuff
because
some
of
them
are
really
pay
for
my
time
the
other
ones
are
agree
to
my
terms
and
conditions.
The
other
ones
are
just
a
poor
man's
replacement
fredo
to
dot1x.
I
think,
in
order
to
make
progress,
we
should
yeah.
That's
right.
We
need
to
well
sort
of
yeah.
We
need
is
what
we
need.
A
A
He
opens
the
bug
saying
my
phone
is
on
on
sailor
day
or
why
and
it
turns
out
that
his
his
ruder
had
turned
into
a
captive
portal,
because
it's
the
AT&T,
which
I
when
it's
dsl
connection
goes
down,
starts
putting
starts
doing
ssl,
intercept,
saying:
oh,
you
know,
like
you,
know,
click
on
this
warning
when
you
get
past
that
I'm
going
to
tell
you
that
your
internet
connection
is
down
gia.
Isn't
that
helpful?
Alright?
So
I
think
I
think
the
lesson
there
is
twofold.
A
First,
people
are
doing
this
because
they
want
to
get
messages
to
the
user,
and
this
is
the
only
way
that
works.
So
I
don't
know
if
we
can
do
better
on
that.
Perhaps
we
can't
because
HTML
is
very
rich,
and
so
maybe
we
can't
do
that
on
that
and
another
is
again
we
need
to
figure
out
what
people
are
doing
this
for,
but.
C
Just
a
time
check,
we
have
I
think
a
half
an
hour,
a
bit
less
left
and
I
want
to
leave
at
least
what
15
20
minutes
to
wrap
up,
and
so
please
be
brief
and-
and
we
might
close
the
ques
pretty
soon.
A
Kuchar
ally
and
so
far
the
discussion
that
I'm
hearing
has
a
lot
of
you.
I
type
words
to
it
and
we're
not
very
good
at
that
here.
I
think
that's!
Basically,
the
thrust
of
my
comment
is
this
feels
like
it
lies
its
it's
some
above
where
our
usual
purview
and
I'm
worried
that
we
might
be
diving
in
some
place
where
we
might
do
more
harm
than
good.
A
A
Tobias
gone
wrong
and
thinking
about
what
would
success,
look
like
for
the
working
group
or
for
whatever
we
do
and
I
see
four
base
scenarios,
money,
eyeballs
legislation
and
regulations
or
simple
authentication.
So
these
are
the
four
scenarios.
Actually
I
would
settle
for
the
benign
friendly
ones,
which
would
be
legislation
of
authentication.
So
if
we
could
already
solve
that
I
think
for
them.
It
would
also
be
beneficial
to
have
something
like
that,
because
they
would
have
to
implement
less.
They
could
probably
buy
something
out
of
the
box.
A
Morgan's
eggheads
and
about
networks
I
want
to
speak
towards
the
presentation
of
the
content
when
you
encounter
one
of
these
things,
I
again
would
agree
that
it's
not
useful
to
limit
what
can
be
displayed.
A
lot
of
these
smaller
devices
have
less
than
fully
featured
browsers
that
helped
a
candle
HTML
interaction.
A
Presumably
they
do
that
to
help
with
in
the
security
area,
because
you
don't
know
if
you
can
trust
the
network
that
you've
just
attached
to.
However,
as
a
portal
creator,
sometimes
I
want
to
have
access
to
those
features
to
make
that
user
experience
better.
So
what
I
would
like
to
see
is
some
discussion
in
how
to
implement
that
and
provide
the
trust
in
the
security.
That's
that's
desire.
Don't.
B
Go
so
how
would
you
feel
about
a
sort
of
API
option,
something
where
you
can
say
all
I
would
like,
as
I
would
like
to
ask
the
user
for
them
to
click
on
OK
button
or
enter
their
name
and
email
address
quickly,
and
then
another
option
which
is
and
I
would
instead
like
a
more
fully
featured
browser.
You
know
with
a
separate,
cookie,
store,
etc.
Would
it
be
useful
to
have
those
couple
of
options
like
that.
A
Yes,
yes,
I
do
think
so,
however,
in
the
particular
use
cases
that
I'm
it
I'm
thinking
of
I'm,
not
necessarily
asking
for
credentials
by
EULA.
Anything
like
that
I'm
directing
them
to
an
application.
I.
A
Second,
winter
I
think
there
are
basically
two
types
of
captive,
orcas
some
which
require
you
paying
with
money.
That's
I
think
problem
we
can
solve,
because
this
works
out
of
pathways
automated
Lee
and
there
are
those
who
want
to
pay
you
with
your
attention
span
and
I.
Think
if
we
try
to
solve
those
yeah
a
bunch
of
fail
just
because
we
don't
know
why
they
want
the
attention
span,
I'm
actually
learned
if
they
put
a
youtube
app
or
whatever.
So
you
go
down
the
route
of
providing
numerous
options
are
much.
A
Do
you
really
want
from
the
user?
I
think
we
are
chasing
about
chasing
long
tail
and
I'll
give
hundreds
of
things
to
consider
at
some
point.
What
might
this
41
from
the
user
I
wouldn't
want
to
manage
that
kind
of
API
tiberium
I
want
to
go
back
to
something
it
was
pointed
out
earlier
in
terms
of
the
amount
of
information
that
it's
kind
of
leaking
accidentally
here
and
I.
A
So
it's
not
leaking
cookies
or
other
information
about
the
the
data.
That's
not
necessarily
salient
to
the
captive
portal
user
and
certainly
couldn't
be
passed
on.
It's
kind
of
bad
enough
that
in
a
lot
of
these
cases,
what
the
request
is
being
passed.
The
user
is
for
much
more
privacy,
sensitive
information
than
the
user
realizes.
It
would
be
really
nice
if
we,
if
we
could
stop
the
leakage
of
all
of
the
other
privacy,
sensitive
information
that
isn't
even
necessarily
inherent
in
the
clicking.
The
Facebook
like
well.
A
Dave
Crocker,
so
I
heard
statements
that
this
is
a
complicated
space
and
that
there's
lots
of
variation
in
what
people
do
and
how
they
do
it,
and
and
I
heard
a
suggestion
that
we
should
think
about
which
things
we
can
carve
off
and
which
ones
we
shouldn't
I'd.
A
Like
that
a
lot
it
I
suggest
that
a
starting
effort
should
be
to
characterize
this
space
it
with
an
informational
document
and
I,
say
a
document
of
care
with
the
details
of
how
its
produced,
whether
it's
one
or
more
that
depend
on
what
makes
sense,
but
but
characterize
the
space
in
a
way
that
gets
people
going.
A
Yes,
I
see
that
and
I
like
this
piece
or
I
like
that
piece,
but
but
gets
some
coherence
among
people
both
inside
the
IDF
and
outside
I,
heard
a
challenge
on
the
term
callette
captive
portal,
and
yet
people
seem
to
be
using
it
very
comfortably
if
they're,
if
they,
if,
indeed
that's
the
term,
then
that's
the
term
and
whether
we
like
it
or
not.
If
it's
not
the
term,
if
there
isn't
real
comfort
with
it,
then
yes,
finding
a
single
term
would
be
really
helpful.
B
A
Way
so
weren't
boring
good.
Would
you
like
an
API
that
did
that
was
perfect?
It
was
pointed
it
was
clear
and-
and
it
was
small
whether
in
fact
we
do
that
separate
issue,
but
but
in
fact,
having
the
document
point
out
a
range
of
things
that
might
be
done.
The
thing
that
you
asked
for
and
which
caused
me
to
step
up
was
when
you
were
saying,
complicated
and
try
to
boil
the
ocean.
A
Should
we
do
that,
it
is
there's
a
hierarchy
of
things
we
can
do
in
getting
a
sense
of
what's
the
low-hanging
fruit
we
can
do
easily
and
would
be
useful
and
we
think
we
know
who
will
implement
it.
They
don't
have
to
commit,
but
we
think
you
know
that
would
be
a
place
to
start
and
and
the
rest
of
this
stuff
would
be
characterized
but
not
pursued
until
maybe
later
and
Phillip
Fulmer
and
some
people
were
worried
about
connecting
to
a
captive
portal
and
then
their
secrets
leaking
out
or
other
stuff.
I.
A
Don't
understand
that
concept
you
for
next
to
an
untrusted
Wi-Fi
network.
When
you
go
through
a
portal,
then
you
send
your
data
that
and
you
worry
about
stuff
leaking
out
of
you
you're,
going
to
send
it
anyhow
when
you
are
looking
so
I,
don't
consider
that
an
issue
I
mean
use
more
encryption
if
you're
worried
about
it.
A
But
the
thing
that
we
do
really
need
is
a
standardized
signal
from
the
portal
to
the
operating
system
to
say,
you're
behind
the
captive
portal,
and
currently
that
signal
is
not
there,
so
they
redirect
HTTP
and
they
said
BS
and
whatnot
and
I
mean
that's
a
protocol
that
we
just
don't
have.
So
we
can't
blame
them
for
not
using
it
and
there's.
A
second
point
is
that
not
the
most
pop
kept
two
photos
have
in
common
and
say
the
80
to
1.
A
X
is
separate
in
that
case
if
they
want
to
interact
with
user
and
I,
don't
care
how
they
want
to
interact
like
that
around
the
credit
card,
or
what
are
you
to
watch
advertisements
or
what
not,
and
we
have
the
perfectly
stand
that
way
of
interacting
with
users
and
that's
HTML.
So
if
we
just
find
a
way
to
throw
to
connect
the
portal
to
say
hey,
you
are
behind
the
captive
portal,
you
need
to
fire
up
a
browser,
then
operating
systems
can
just
do
that
and
the
Lord
to
user.
A
My
t-shirt,
Microsoft
so
I
will
echo
some
of
the
previous
comments.
I
do
like
the
idea
of
moving
toward
kind
of
an
informational
overview
of
what
problems
are
out
there.
What
techniques
are
currently
in
use?
I
can
speak
to
a
couple
of
them
brief,
leick
and
I
in
Windows,
8
I
own,
how
we
detect
captive
portal
to
the
windows.
I,
don't
anymore
as
part
of
that
I
was
also
briefly
in
the
Wi-Fi
Alliance
hotspot,
20
group.
A
A
I
think
all
the
OS
is
due
and
the
way
we
do
it.
We
have
in
the
UN
us
a
hard-coded
URL.
We
go
out
and
try
to
reach
that
URL,
and
we
know
what
content
is
there.
If
we
cannot
reach
the
URL,
we
don't
have
internet
access
if
we
reach
the
URL
on
the
content
as
anything
other
than
what
are
coded,
and
we
know
to
expect.
We
assume
its
captive
portal
and
Papa
browser.
A
A
But
I
think
as
we
move
forward,
we
do
just
want
to
get
an
overview
of
what
are
the
operating
systems
deal?
What
did
he
capture
portals
do
when?
Why
and
what
other
techniques
are
out
there
and
where
the
gaps,
the
biggest
gap
that
I'm
aware
of
that
we
and
the
IETF
could
define
and
fix,
is
when
you
have
a
TLS
connection,
there's
no
a
limit
defined
to
say:
I
am
not
the
person
you're
trying
to
connect
to
please
stop
right.
C
A
Thompson
I'm
hearing
a
lot
of
criticisms
levelled
at
captive
portals
here,
but
I'd
also
like
to
level
a
couple
of
the
operating
system:
vendors,
a
lot
of
the
natural
posture
that
we've
had
here
and
a
lot
of
the
discussions.
This
seems
implicit
in
that
is
that
we
want
to
treat
the
stuff
that's
coming
from.
The
captive
portal
is
poisonous
crap,
and
so
what
you
see
is
the
browser.
That's
popped
up.
A
Is
they
want
you
to
get
your
browser
open
with
your
facebook
login
right,
and
so
they
actively
try
to
avoid
whatever
it
is
of
the
operating
systems?
Doing
now,
that's
not
to
say
that
Ted's
concerns
not
valid
I
think
we
need
to.
We
need
to
be
aware
of
the
presence
of
the
captive
portal
so
that
we
don't
do
things
like
open
up
imap
connections
and
get
all
sorts
of
rubbish
happening,
and
we
don't
want
to
be
connecting
to
secure
sites
and
have
certificate
override
dialogues
coming
up
in
all
essence
of
other
things.
A
A
A
That,
then,
it's
less
distracting.
Speaking
for
the
Android
implementation,
that's
not
technically
possible,
because
when
we
detect
a
captive
portal,
it's
placed
in
the
background
until
the
user
logs
in
because
I
don't
want
the
hangouts
TCP
connection,
everything
else
to
go
the
captive
portal
right,
so
the
user
wants
internet
to
flow
and
the
browser
is
not
technically
capable
of
right.
Of
opening
up
a
window
on
a
different
network.
I
mean
no.
Such
browser
exists.
Now
there
is
an
API
for
doing
that.
If
the
browser
wanted
to
implement
it
could
but
chrome
doesn't
implement
it.
C
So
this
has
been
an
interesting
discussion.
I
wanted
to
add
one
piece
of
anecdotal
evidence
on
my
part,
which
is
I
travel
a
lot
and
I
have
noticed
in
the
last
year
or
two,
especially
in
the
eastern
hemisphere.
People
aren't
using
capital
portals
anymore
I,
think
people
are
being
driven
away
from
deploying
them
because
there's
such
a
bad
user
experience
I
personally
do
not
want
whatever
happens
here
to
stop
that
trend,
because
I
live
in
a
country
where
we
don't
have
the
need
for
legal
terms
and
conditions.
In
most
cases,.
C
Let's
try
so
we
heard
a
number
of
opinions
about
how
to
move
forward.
It
seemed
like
there
was
a
certain
amount
of
sympathy
for
starting
by
documenting
what
the
current
problems
and
use
cases
problems
involved
with
in
the
use
cases
of
captive
portals
are
and-
and
that
seems
like
a
reasonable
first
step
to
me-
should
we
start
some
light
coming,
perhaps
so,
who
thinks
that
it
is
an
interesting
work
item
for
a
potential
I,
ATF
working
group
to
a
document,
use
cases
and
problems
of
and
problems
with
captive
portals?
C
A
B
A
C
Sorry,
I
didn't
catch
last
night.
That's
how
behaved
worked
out.
Okay,
Leah
taxonomy
would
would
undoubtedly
be
part
of
that
I.
Think
of
the
people
who
so
I'm
from
my
perspective,
I
think
that
there
are
a
lot
of
people
with
opinions
about
captive
portals,
but
the
people
who
work
with
them
are
they're
consuming
them
more
producing
them
have
a
much
greater
depth
of
knowledge
about.
What's
going
on
there
of
the
people
who
put
their
hands
up
as
an
implementer
before
who
would
be
willing
to
contribute
to
such
an
effort?
Could
we
see
the
hands?
C
Can
okay,
so
about
the
same
number
of
hands
ish,
which
is
good,
so
we
have
people
wrong
to
contribute
in
some
fashion
and
barely
care
achter.
That
is
a
fairly
strong
interests
in
that
sort
of
work.
Who
then
the
next
question
is
is:
is
there?
Is
it
worth
trying
to
do
something
more
than
that
to
start
with
and
are
asked
again
to
hum,
who
supports
a
more
aggressive
schedule?
C
C
A
C
A
B
B
C
A
A
C
Its
jeweler,
I
said
here
I
think
it's
too
early
for
that
yeah
because
we
don't
even
know
what
you're
plugging
yeah.
So
I
just
want
to
finish
the
hum
there
real
quick
as
long
as
it's
not
controversial
that
we
include
best
practices
in
that
first
bucket,
that
we
hummed
on
a
technical
mechanisms
who
thinks
it's
too
early
to
talk
about
technical
mechanisms
are
now,
please:
ok,
that's
a
stronger
than
the
interest.
What
I
think
I.
A
B
C
Think
and
I
think
Aaron
put
it
fairly.
Well,
we
have
a
bucket
of
you
know:
exploring
the
current
space
possible
best
practices.
You
know
in
terms
of
avoid
this
and
what
problems
are
caused
by
captive
portals,
that's
the
kind
of
documentation
bucket
and
then
there's
the
new
technical
new
protocol
mechanisms
that
we
could
deliver.
That
is
something
cut
from
whole
cloth.
So.
B
A
C
I'm
gonna
interrupt
here
the
folks
in
the
queue,
if
you're
continuing
the
discussion
about
captive
portals,
we
have
five
minutes
left,
and
so
this
really
needs
to
be
about
next
steps.
Okay,.
A
Proxying
a
comment
from
Michael
Richardson
again
the
fastest
we
can
go
is
to
not
finish
the
protocol
work
before
we
finish.
The
taxonomy
see
no
reason
to
limit
when
we
start
work.
If
we
have
the
energy
available
plant
and
Tim
China
show
everyone's
familiar
with
our
c-54
34,
which
talks
about
the
criteria
for
above
and
that
the
third
one's
quite
useful
here
I
think
the
scope
of
the
problem
is
well
defined
and
understood.
People
generally
understand
what
the
working
group
will
work
on
and
what
it
won't
work
on.
A
What
the
actual
deliverables
will
be
a
sort
of
hand,
wavy,
saying
people
can
write
stuff
and
they'll
be
ok,
I
think
we
need
to
make
very
clear
what
is
in
scope
and
what
isn't
the
whole
room
understands
them
learn
yeah
long
time,
zone,
I,
I,
see
this
and
I
get
very
worried
from
about
step
3
and
in
the
milestones
here
and
I.
Think
there
is
something
that
we
could
potentially
do.
That
is
significantly
tighter
in
scope
than
that,
but
we
haven't
gotten
even
close
to
that
in
this
discussion
today.
C
And
I'm
worried
that
a
lot
a
good
portion
of
us,
including
myself,
don't
fully
understand
the
problem
space
and
are
you
know
guessing
based
on
anecdotal
evidence,
rather
than
deep
knowledge
and
I?
Think
one
of
the
questions
that
we
should
face?
Is
it
to
publish
these
informational
documents?
If
you
know
that's
a
direction,
that's
interesting
and
does
seem
like
they're,
simple
and
interest.
Is
a
working
group
necessary
for
that
not.
A
I
agree
with
the
comments,
as
we
hear
about
scope,
I
think
is
critical
as
far
as
what
we're
looking
at
in
terms
of
what
we
talked
about.
The
other
point
is
Dan
wing
dropped,
a
link
into
the
jabber
chat
to
a
wiki
that
was
created
after
the
last
fall
that
does
have
in
a
quick
look
of
it.
Askim
poor
bunts
of
information
has
been
already
captured,
so
it
may
be
something
we
want
to
at
least
make
more
available
to
people.
So
they
know
it's
out
there
and
look
at
expanding
or
adding
2
etcetera
is.
C
A
But
its
good
looks
like
a
a
quick
look.
It
looks
like
it
could
be
useful,
I,
don't
know
real
quick
dan
dan.
C
A
A
Cases
is
not
just
okay,
this
is
what
it
use.
We
need
to
understand
what
the
captive
portal
requirements
are,
and
then
you
know
you
can
move
to
a
metamodel
intent-based
metal
model
using
the
taxonomy,
so
you
actually
give
permissions
according
to
to
the
needs
and
it's
controlled
in
its
in
a
very,
very
it's
managed
in
a
very
controlled
environment.
A
A
C
Keep
going
so
to
me,
maybe
the
biggest
thing
we
can
capture
right
now
is
we
had
implementers
expressing
some
level
of
interest
and
how
do
we
keep
that
in
place?
If
we
decide
to
do
something?
So
if
of
those
people
who
raise
their
hands,
are
you
all
on
the
captive
portals
mailing
list?
If
you
are
not,
please
figure
out
how
to
get
on
it.