But why do we need to avoid https at all? You can easily have CA-signed certificates and have the DNS server resolve the local ourfreewifi.com domain. It’s your domain, you can even set up DNSSEC and it will be fine.

Saves the hotspot portal vendors headaches in debugging. Yes they could (and will be dragged kicking and screaming to do so) just use proxies with certs to intercept traffic but in the short term if they can avoid good practices they will.

How do you tell iOS/Android which website to open? You do that by hijacking the request to http://captive.apple.com and then 301/302 it to your domain, with or without https. If the first request iOS made were to be secure, you’d have to have a valid certificate for captive.apple.com running in your infrastructure OR iOS would have to allow self-signed without asking for exceptions. Both sound like a terrible idea.
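The probe-and-redirect flow described in the comment above, as an added example that is not part of the thread: a small client issues the plain-HTTP probe without following redirects and classifies the answer, and two throwaway local servers play an honest network and a hotspot. The portal host `ourfreewifi.example`, the path `/hotspot-detect.html` and the `Success` body are constructed stand-ins, not the real probe's contents.

```python
# Added example (not from the thread): captive-portal probe client plus two simulated networks.
import http.server
import threading
import urllib.error
import urllib.request

EXPECTED_BODY = b"Success"  # constructed stand-in for what an honest network returns

class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse to follow 301/302: the redirect itself is the signal we classify."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

def classify_probe(url, timeout=3):
    """Return ('internet', None), ('portal', portal_url) or ('blocked', reason)."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            # A 200 whose body is not the expected page was answered by something else.
            ok = resp.read().strip() == EXPECTED_BODY
            return ("internet", None) if ok else ("portal", None)
    except urllib.error.HTTPError as e:
        if e.code in (301, 302, 303, 307) and e.headers.get("Location"):
            return ("portal", e.headers["Location"])
        return ("blocked", "HTTP %d" % e.code)
    except (urllib.error.URLError, OSError) as e:
        return ("blocked", str(e))

class HonestHandler(http.server.BaseHTTPRequestHandler):  # open internet: answers verbatim
    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Length", str(len(EXPECTED_BODY)))
        self.end_headers()
        self.wfile.write(EXPECTED_BODY)

class PortalHandler(http.server.BaseHTTPRequestHandler):  # hotspot: hijacks the probe
    def do_GET(self):
        self.send_response(302)
        self.send_header("Location", "http://ourfreewifi.example/login")  # constructed
        self.end_headers()

def probe_against(handler):
    """Run a throwaway local server playing `handler` and classify the probe against it."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return classify_probe("http://127.0.0.1:%d/hotspot-detect.html" % srv.server_address[1])
    finally:
        srv.shutdown()
        srv.server_close()
```

Running `probe_against(HonestHandler)` yields `('internet', None)`, while `probe_against(PortalHandler)` yields the portal's login URL, which is exactly the distinction the client needs in order to open the sign-in page.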