On Mar 25, 2015, at 12:08 PM, Mike Liebhold <[email protected]> wrote: > e.g. When encountering an "unrecognized certificate" warning - most people > click through.... potentially connecting to a spoofed site.... even though > it says HTTPs in the url bar.
This is a UI fail. The browser should never display that alert, any more than it should display an alert to click through proposing that you might want to try a different web site if the one you were trying to reach were simply unreachable. Of course, I realize that this makes captive portals more difficult, but enabling this particular UI fail simply in order to allow captive portals to work is a very expensive solution to an easily solved problem (see http://datatracker.ietf.org/doc/draft-wkumari-dhc-capport/). _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
