Discuss what happens to traffic inside the captive network
klarose opened this issue
Kyle Larose commented
Raised during review.
- Is it allowed by definition (i.e. within the walled garden)?
- Is it more nuanced?
- Is it just up to the use-case?
Kyle Larose commented
Eric suggests in reply to my suggestions:
This would be up to the network operator, I suppose -- they define the
extent of the walled garden. The only hosts that must be reachable are
any necessary to perform the workflows related to gaining access. The
document mentions those in a few places. In section 2.4, the document
states:
Typically User Equipment is permitted access to a small number of services and is denied general network access until it satisfies the Captive Portal Conditions.
Perhaps we could add some language indicating that this isn't intended
to be a normative requirement -- the restrictions placed by the
captive portal depend on its use-case.
EV> you may add "(e.g., local communication)" after "small number of services"?
I propose we do this.
Kyle Larose commented
@dcdolson replied with:
I don't think "local", implying physical proximity, is the correct word.
There are multiple technologies for serving DHCP, DNS, user portal, API, etc. from remote machines. I feel that adding "e.g., local communication" would add more confusion than clarity.
How about, "... permitted access to a small number of services (according to the policies of the network provider) and is denied general network access..."
Let's do that.