
I use captive.apple.com regularly but just realized that https was the issue being worked around on WiFi. Learning something new.


What do you mean by "the issue being worked around"?

The issue is that https cannot be intercepted by such an access point, and is increasingly popular for all types of web use. "Being worked around" makes it sound like something different, perhaps even sinister.


He means that TLS on all domains breaks some use-cases and thus, in those cases, there needs to be some way of working around the situation presented.

You can argue the merits of this being a good thing or not. But it’s fair to call it a workaround.


Consumer operating systems started detecting captive portals long ago, and at a time when HTTPS was much less common than it is today for casual usage. Post-Snowden, there has really been a multi-industry push to use HTTPS everywhere even for "boring" use cases where a naive person wouldn't assume snooping to have much consequence. But captive portal detection appeared from Microsoft, Apple, Google, etc. years before that push.

HTTPS absolutely should reject a captive portal trying to hijack it; that is the point of it.

But "work around HTTPS" remains a weird way to describe this. The captive portal is the culprit in need of a workaround, not HTTPS, which is doing what it's supposed to do.



