[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Southwest Airlines captive portal

Subject: Southwest Airlines captive portal
From: rubensk at gmail.com (Rubens Kuhl)
Date: Sat, 27 Feb 2016 20:40:40 -0300
In-reply-to: <[email protected]>
References: <[email protected]>

On Sat, Feb 27, 2016 at 3:26 PM, Frank Bulk <frnkblk at iname.com> wrote:

> Anyone from Southwest Airlines on this list?
>
> On a recent flight I discovered I couldn't complete payment through PayPal
> because my web browsers properly noticed that the Southwest Airlines SSL
> certificate that the captive portal was giving for PayPal didn't match up.
> =)  I had to create an exception for PayPal just to complete payment.
>
>
Perhaps not a captive portal but a TLS accelerator that is sometimes used
in satellite connections, that does act as MITM like corporate security
products but with a performance focus.

Since many commonly used web properties are moving to HSTS + HPKP + CT it
will become increasingly difficult to balance performance and security in
high latency connections, but when it comes to a payment gateway, that
airline should probably turn off acceleration for paypal.com and 3-D Secure
bank pages.

Rubens

Follow-Ups:
- Southwest Airlines captive portal
  - From: yang.yu.list at gmail.com (Yang Yu)

References:
- Southwest Airlines captive portal
  - From: frnkblk at iname.com (Frank Bulk)

Prev by Date: Southwest Airlines captive portal
Next by Date: Southwest Airlines captive portal
Previous by thread: Southwest Airlines captive portal
Next by thread: Southwest Airlines captive portal
Index(es):
- Date
- Thread