[187881] in North American Network Operators' Group
Re: Southwest Airlines captive portal
daemon@ATHENA.MIT.EDU (Rubens Kuhl)
Sat Feb 27 18:40:49 2016
X-Original-To: nanog@nanog.org
In-Reply-To: <000a01d1718c$686eff80$394cfe80$@iname.com>
Date: Sat, 27 Feb 2016 20:40:40 -0300
From: Rubens Kuhl <rubensk@gmail.com>
To: Nanog <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Sat, Feb 27, 2016 at 3:26 PM, Frank Bulk <frnkblk@iname.com> wrote:
> Anyone from Southwest Airlines on this list?
>
> On a recent flight I discovered I couldn't complete payment through PayPal
> because my web browsers properly noticed that the Southwest Airlines SSL
> certificate that the captive portal was giving for PayPal didn't match up.
> =) I had to create an exception for PayPal just to complete payment.
>
>
Perhaps not a captive portal but a TLS accelerator that is sometimes used
in satellite connections, that does act as MITM like corporate security
products but with a performance focus.
Since many commonly used web properties are moving to HSTS + HPKP + CT it
will become increasingly difficult to balance performance and security in
high latency connections, but when it comes to a payment gateway, that
airline should probably turn off acceleration for paypal.com and 3-D Secure
bank pages.
Rubens
