Southwest Airlines captive portal

• Previous message (by thread): Southwest Airlines captive portal
• Next message (by thread): SoftLayer DAL05/DAL09 Public Network Issues
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Feb 27, 2016 at 5:40 PM, Rubens Kuhl <rubensk at gmail.com> wrote:

> Since many commonly used web properties are moving to HSTS + HPKP + CT it
> will become increasingly difficult to balance performance and security in
> high latency connections, but when it comes to a payment gateway, that
> airline should probably turn off acceleration for paypal.com and 3-D Secure
> bank pages.


Paypal's certificate is not pinned in Chrome/Firefox. imo a hard error
is desirable in this kind of scenario.
https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.json?view=markup
https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning#New_sites_pinned_in_Firefox_32

FWIW Southwest uses Row 44 (GEE Media) for inflight wifi.
http://www.geemedia.com/products/connectivity

• Previous message (by thread): Southwest Airlines captive portal
• Next message (by thread): SoftLayer DAL05/DAL09 Public Network Issues
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]