nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: WiFi - login page redirection not working

From: Owen DeLong <owen () delong com>
Date: Thu, 30 Nov 2017 11:07:09 -0800


On Nov 30, 2017, at 10:15 , William Herrin <bill () herrin us> wrote:

On Thu, Nov 30, 2017 at 1:08 PM, Owen DeLong <owen () delong com <mailto:owen () delong com>> wrote

On Nov 30, 2017, at 08:20 , Josh Luthman <josh () imaginenetworksllc com <mailto:josh () imaginenetworksllc com>> 
wrote:


If TLS  would somehow allow you to redirect...


No but it would be nice to have a solution that redirects the user instead
of "this page can't load" creating confusion.


A well-known non-SSL (non-HSTS) URL that users could use for this purpose would
serve the same purpose without producing the security problems mentioned.

A well known SSL certificate that if it appears during negotiation means the application should "check for captive 
portal.”


This would require modification of all clients and I see no advantage to it vs. a well known
locally resolvable URL for captive portals that “MUST NOT” indicate HSTS.

Please explain.

Owen
Previous By Date Next
Previous By Thread Next

Current thread: