Dual stack hotspot/captive portal

[Mikael Abrahamsson]

On Wed, 23 Feb 2011, Marc Blanchet wrote:

> I thought we were talking about hotspot with captive portal which 
> suggests public places with not the same level of security requirements 
> as an enterprise network.

Not protecting users from man-in-the-middle attacks and session hijackings 
is really bad business practice. You need to protect the users MORE in 
that kind of environment than on an enterprise LAN. The most adverse 
environment securitywise is the role of an ISP, not the enterprise.

> To me, captive portals are just fine with router advertisements and I 
> don't see real need for DHCPv6. However, DHCPv6 can be a solution in 
> this environment, but there is currently some lack of clients 
> implementations. That might change in a not so distant future. However, 
> if one wants to do it right now, and it is for the general public, I 
> guess RA are probably more simple than DHCPv6, given all implementations 
> support RA.

You use RAs always, even in DHCPv6. You probably mean SLAAC.

And I would design it so that people with DHCPv6 support get IPv6, if they 
don't, they don't get IPv6. No SLAAC allowed. I guess we can agree to 
disagree.

-- 
Mikael Abrahamsson    email: swmike at swm.pp.se