W3C home > Mailing lists > Public > public-webappsec@w3.org > December 2014

Re: [blink-dev] Re: Proposal: Marking HTTP As Non-Secure

From: Gervase Markham <gerv@mozilla.org>
Date: Mon, 22 Dec 2014 11:36:06 +0000
Message-ID: <54980226.8090608@mozilla.org>
To: chaals@yandex-team.ru, Anne van Kesteren <annevk@annevk.nl>, Sigbjørn Vik <sigbjorn@opera.com>
CC: Chris Palmer <palmer@google.com>, "tylerl@google.com" <tylerl@google.com>, WebAppSec WG <public-webappsec@w3.org>, "dev-security@lists.mozilla.org" <dev-security@lists.mozilla.org>, blink-dev <blink-dev@chromium.org>, "security-dev@chromium.org" <security-dev@chromium.org>
To: mozilla-dev-security@lists.mozilla.org
On 17/12/14 18:44, chaals@yandex-team.ru wrote:
> This is a pretty interesting use case. When you connect at the
> airport, the typical first thing that happens is you get a warning
> saying that the site you want to connect to has the wrong certificate
> (you went to pogoda.yandex.ru but the certtificate is for
> airport.logins.aero, or 1.1.1.1).

If the URL and the target are in different public-suffix+1, that screen
should have a button "I'm trying to connect to a Wifi hotspot" :-) That
then changes to an appropriate URL to get the login page.

Gerv
Received on Monday, 22 December 2014 11:36:38 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:08 UTC