nanog mailing list archives

Re: Southwest Airlines captive portal

From: Rubens Kuhl <rubensk () gmail com>
Date: Sat, 27 Feb 2016 20:40:40 -0300

On Sat, Feb 27, 2016 at 3:26 PM, Frank Bulk <frnkblk () iname com> wrote:

Anyone from Southwest Airlines on this list?

On a recent flight I discovered I couldn't complete payment through PayPal
because my web browsers properly noticed that the Southwest Airlines SSL
certificate that the captive portal was giving for PayPal didn't match up.
=)  I had to create an exception for PayPal just to complete payment.

Perhaps not a captive portal but a TLS accelerator that is sometimes used
in satellite connections, that does act as MITM like corporate security
products but with a performance focus.

Since many commonly used web properties are moving to HSTS + HPKP + CT it
will become increasingly difficult to balance performance and security in
high latency connections, but when it comes to a payment gateway, that
airline should probably turn off acceleration for paypal.com and 3-D Secure
bank pages.


Rubens

Current thread:

Southwest Airlines captive portal Frank Bulk (Feb 27)
- RE: Southwest Airlines captive portal Damien Burke (Feb 27)
  - Re: Southwest Airlines captive portal Paras Jha (Feb 27)
    - Re: Southwest Airlines captive portal Peter Loron (Feb 27)
    - RE: Southwest Airlines captive portal Frank Bulk (Feb 27)
- Re: Southwest Airlines captive portal Constantine A. Murenin (Feb 27)
  - Re: Southwest Airlines captive portal Marcin Cieslak (Feb 27)
- Re: Southwest Airlines captive portal Rubens Kuhl (Feb 27)
  - Re: Southwest Airlines captive portal Yang Yu (Feb 27)