WiFi - login page redirection not working

Owen DeLong owen at delong.com
Thu Nov 30 19:07:09 CST 2017


> On Nov 30, 2017, at 10:15 , William Herrin <bill at herrin.us> wrote:
> 
> On Thu, Nov 30, 2017 at 1:08 PM, Owen DeLong <owen at delong.com <mailto:owen at delong.com>> wrote
> > On Nov 30, 2017, at 08:20 , Josh Luthman <josh at imaginenetworksllc.com <mailto:josh at imaginenetworksllc.com>> wrote:
> >
> >> If TLS  would somehow allow you to redirect...
> >
> > No but it would be nice to have a solution that redirects the user instead
> > of "this page can't load" creating confusion.
> 
> A well-known non-SSL (non-HSTS) URL that users could use for this purpose would
> serve the same purpose without producing the security problems mentioned.
> 
> A well known SSL certificate that if it appears during negotiation means the application should "check for captive portal.”

This would require modification of all clients and I see no advantage to it vs. a well known
locally resolvable URL for captive portals that “MUST NOT” indicate HSTS.

Please explain.

Owen



More information about the NANOG mailing list