[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Captive-portals] [TLS] FW: New Version Notification for draft-zhou-tls-server-redirect-00.txt



> On 21 Oct 2015, at 7:17 PM, David Bird <[email protected]> wrote:
> 
> +1 for using ICMP to signal blocked by CP :)

The problem with ICMP is that it needs to be handled by the operating system. Existing operating systems will ignore them and they usually don’t get reflected to the browser or other application.

Perhaps a special TLS alert. So the CP still has to MITM the TCP connection (just as in HTTP), but then it just fails the TLS handshake with a captive_portal alert. 

If the browser then does the normal HTTP probe in a special window it should work with an updated browser on a non-updated system. And really, browsers update with new features much more quickly than operating systems.

Yoav