On Wed, Dec 17, 2014 at 6:50 PM, Sigbjørn Vik <sigbjorn@opera.com> wrote: >> What would happen exactly when >> you visit e.g. google.com from the airport (connected to something >> with a shitty captive portal)? > > Assuming interstitials were replaced with cache separation: > > The browser would detect that this isn't the same secure google you > talked to yesterday, and not share any data you got from google > yesterday with the captive portal. Once you reconnect to the authentic > google, the browser would use the first set of data again. How would the user distinguish this case from cookies expiring, getting lost for some reason, or the monthly two-factor authentication dance? This sounds very dangerous. What if google.com uses certificate pinning? -- https://annevankesteren.nl/Received on Monday, 22 December 2014 12:05:37 UTC
This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:08 UTC