- From: Richard Barnes <rbarnes@mozilla.com>
- Date: Thu, 3 Dec 2015 11:39:27 -0500
- To: Craig Francis <craig@craigfrancis.co.uk>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, security-dev <security-dev@chromium.org>
This would be better for tls@ietf.org Sent from my iPhone. Please excuse brevity. > On Dec 3, 2015, at 11:21, Craig Francis <craig@craigfrancis.co.uk> wrote: > > Hi, > > Not sure where the discussion is happening with TLS 1.3, but just a though... > > When someone first connects to a captive portal (e.g. hotel WiFi), they typically redirect any requests to a login/terms/payment page. > > If that redirect is done for a HTTPS connection, then the browser will/should complain (bad certificate). > > Would it be possible for the TLS 1.3 handshake to support this situation? > > So maybe the browser gets a response which does not attempt to give a certificate, but is simply a URL to redirect the user to. > > Then the browser can show a nice and friendly error message, and a link for the user to load (if they want to). > > Craig
Received on Thursday, 3 December 2015 16:39:59 UTC