On Nov 30, 2017, at 10:15 , William Herrin <bill@herrin.us> wrote:
On Thu, Nov 30, 2017 at 1:08 PM, Owen DeLong <owen@delong.com> wrote:
On Nov 30, 2017, at 08:20 , Josh Luthman <josh@imaginenetworksllc.com> wrote:
If TLS would somehow allow you to redirect...
No but it would be nice to have a solution that redirects the user instead of "this page can't load" creating confusion.
A well-known non-SSL (non-HSTS) URL that users could use for this purpose would serve the same purpose without producing the security problems mentioned.
A well known SSL certificate that if it appears during negotiation means the application should "check for captive portal."
This would require modification of all clients and I see no advantage to it vs. a well known locally resolvable URL for captive portals that “MUST NOT” indicate HSTS. Please explain.
Owen