> On Nov 30, 2017, at 10:15 , William Herrin <[email protected]> wrote:
>
> On Thu, Nov 30, 2017 at 1:08 PM, Owen DeLong <[email protected]> wrote
> > On Nov 30, 2017, at 08:20 , Josh Luthman <[email protected]> wrote:
> >
> >> If TLS would somehow allow you to redirect...
> >
> > No but it would be nice to have a solution that redirects the user instead
> > of "this page can't load" creating confusion.
>
> A well-known non-SSL (non-HSTS) URL that users could use for this purpose would
> serve the same purpose without producing the security problems mentioned.
>
> A well known SSL certificate that if it appears during negotiation means the
> application should "check for captive portal."

This would require modification of all clients and I see no advantage to it vs. a well known locally resolvable URL for captive portals that “MUST NOT” indicate HSTS.

Please explain.

Owen
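
The following is an added example, not part of the message above or of any poster's code: a sketch of how a client could use a well-known plain-HTTP probe URL and why that URL must stay out of HSTS. The probe URL, the expected 204 answer, and the shape of the HSTS store are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical well-known probe URL; the thread does not name one.
PROBE_URL = "http://captive-probe.example/check"
# Assumed convention: an open network answers the probe with 204 No Content.
EXPECTED_STATUS = 204
REDIRECTS = (301, 302, 303, 307, 308)


def hsts_blocks(host, hsts_store):
    """Return True if the client's HSTS state would force HTTPS for host.

    hsts_store maps a known HSTS host to its includeSubDomains flag
    (constructed representation of a browser's HSTS cache/preload list).
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        # Exact match always applies; a parent applies only with includeSubDomains.
        if candidate in hsts_store and (i == 0 or hsts_store[candidate]):
            return True
    return False


def classify(status, headers, hsts_store, probe_url=PROBE_URL):
    """Classify one probe response as (state, portal_url)."""
    parts = urlsplit(probe_url)
    # If the probe would be upgraded to HTTPS, the portal cannot answer it
    # without a certificate error, so the probe is useless for detection.
    if parts.scheme != "http" or hsts_blocks(parts.hostname, hsts_store):
        return ("unusable", None)
    headers = {k.lower(): v for k, v in headers.items()}
    if status == EXPECTED_STATUS:
        return ("open", None)
    if status in REDIRECTS and headers.get("location"):
        return ("captive", headers["location"])
    if status == 200:
        # Portal page served in place of the expected empty answer.
        return ("captive", None)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample responses.
    print(classify(204, {}, {}))
    print(classify(302, {"Location": "http://192.0.2.1/login"}, {}))
    print(classify(204, {}, {"captive-probe.example": False}))
```
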

