[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Captive-portals] A new draft / idea - draft-wkumari-capport-icmp-unreach

David Bird <[email protected]> wrote:
    > Though, having a SSL cert doesn't necessarily mean it's the "right"
    > website.  I don't think we have to require HTTPS in all situations, but
    > I could be convinced otherwise.

Absent the problem of the web-CAs being corrupted, HTTPS means that the name
in the browser location bar, and the web site reached are the same.
The browser makes decisions about what to send based upon that data, so
that's why it matters.

HTTP can't promise that.

    > I don't disagree... My point is simply that a network, Open or
    > otherwise, without CP (or with CP that whitelisted the OS CP detection
    > end-points) render this sandbox browser feature useless. Moreover, why
    > would a Client STOP using the sandbox browser after "authentication"
    > (does the client all the sudden trust this (probably open) public
    > access network more now?).

Using a sandboxed browsers for HTTP sites makes a lot of sense to me :-)

Michael Richardson <[email protected]>, Sandelman Software Works
 -= IPv6 IoT consulting =-

Attachment: signature.asc
Description: PGP signature