Erik Kline <e...@google.com> wrote: > Some observations, and questions for the working group.
> I'm not sure we have enough input on whether 511 is useful or not. > There seemed to be some suggestion it would help, and some that it > wouldn't. Perhaps one question we could ask is whether it's harmful? > And if we agree it's not harmful, is it worth developing some > recommendations for its use? I think you are asking the right question here. > As for the ICMP unreachable option, I certainly don't think it would > be harmful (with the extra URL bits removed for now). Is that > something we wish to progress? I am keen to see it progress as you describe. > Given that we're probably looking at a portal detection method based > on entirely new work, it seems to me we're free to look at new things > like utilizing the PVD detection scheme (DNS queries for "provisioning > domain names", followed by other interaction still TBD). Have the > portal implementors reviewed this and given consideration as to > whether its useful? (I think of the discovery of the portal and > subsequent interaction with it as 2 separate processes conducted, > obviously, in serial.) On this topic, I imagine you have all read about: https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html In which the investigator discovers that this malware looked for zones that ought not to exist, and if they did, assumed it was in a quaranteen/lab.. -- Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ Captive-portals mailing list Captive-portals@ietf.org https://www.ietf.org/mailman/listinfo/captive-portals