<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
</style><![endif]--><style><!--
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body bgcolor=white lang=EN-AU link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='color:#1F497D'>This is a great question Skeeve, esp given that the reason you are seeing more and more HTTPS is due to the proliferation and publicity of Firesheep et al. I would personally be happy for all public hotspots to disallow all cleartext traffic by default anyway, as in this day and age checking your POP3 mail from an airport lounge should be a sackable offence! <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Users need to be very wary of certificate warnings whilst on hotspots, so to cause them or teach people to ignore them or work around them in the name of ‘enhancing the user experience’ is problematic on many levels. <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>As Lloyd says, if they use anything other than a browser, then it simply won’t work, so why should HTTPS be treated differently? 
– Captive portals are pretty commonplace now, and I believe it’s fair to expect people to understand that they need to fire up http in a browser in order to get started, you can augment this with patronising printed instructions in primary colours for ‘C’ level execs and the like.</span><o:p></o:p></p><div><p class=MsoNormal style='margin-bottom:12.0pt'><br>On 5 Jul 2012, at 20:38, Skeeve Stevens <<a href="mailto:skeeve+ausnog@eintellego.net">skeeve+ausnog@eintellego.net</a>> wrote:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal>Hey all,<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Given the discussions happening on the list at the moment and what happened with Telstra, and a particular project I am working on at the moment, I thought I would seek the community's comments.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>In simple terms, the project is a wireless hotspot for a particular purpose. The hotspot provides content (all legal) and after a product purchase, internet access for a period of time. All that is simple and nothing many people aren't already doing.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>The issue that I've recently come up against is HTTPS. Many sites are moving to HTTPS as default. Facebook, Google, etc etc are starting to use it more and more. Now this is not a problem at all, and fully supported as normal web traffic should be.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>The problem we're facing is that as per normal hotspot solutions, when a user connects to the hotspot, they get an IP. 
Then they start a browser, and if it goes to a home-page, it gets redirected to a captive portal page where they click some terms and we move on.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Now that many people are having an HTTPS address as their 'home/startpage/etc', the HTTPS is not able to get anywhere and is breaking. So to solve this issue, we now also intercept 443 - HTTPD and redirect it back to the portal.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Due to the user trying to go to <a href="https://blah.com/">https://blah.com/</a> being re-directed, the browser is freaking out with an interception or man-in-the-middle attack potential alert and so on. <o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Now, I think it's possible to work our way around this, but the question remains - "Is intercepting HTTPS for redirection purposes - an interception issue" ?<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>I am sure there are lots of people who have had this problem and may (or may not) have a way around it... 
but the question is - are there any legal issues here we have to worry about?<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Comments welcome.<o:p></o:p></p><div><div><p class=MsoNormal style='margin-bottom:12.0pt'><o:p> </o:p></p></div><div><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Calibri","sans-serif"'>Skeeve Stevens, CEO - </span></b><span style='font-size:10.0pt;font-family:"Calibri","sans-serif"'>eintellego Pty Ltd</span><o:p></o:p></p></div><div><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Calibri","sans-serif"'><a href="mailto:skeeve@eintellego.net" target="_blank">skeeve@eintellego.net</a> ; <a href="http://www.eintellego.net/" target="_blank">www.eintellego.net</a><span style='color:black'><o:p></o:p></span></span></p><p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;font-family:"Calibri","sans-serif";color:black'>Phone: 1300 753 383; Cell +61 (0)414 753 383 ; skype://skeeve<o:p></o:p></span></p><p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;font-family:"Calibri","sans-serif";color:black'><a href="http://facebook.com/eintellego" target="_blank">facebook.com/eintellego</a> ; <a href="http://linkedin.com/in/skeeve" target="_blank">linkedin.com/in/skeeve</a> <o:p></o:p></span></p><p style='margin:0cm;margin-bottom:.0001pt'><span style='font-size:10.0pt;font-family:"Calibri","sans-serif";color:black'><a href="http://twitter.com/networkceoau" target="_blank">twitter.com/networkceoau</a> ; blog: <a href="http://www.network-ceo.net/" target="_blank">www.network-ceo.net</a><o:p></o:p></span></p></div></div><div><div><div><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Calibri","sans-serif";color:#7F007F'><img border=0 id="_x0000_i1029" src="http://eintellego.net/sig/logo.png"><o:p></o:p></span></p></div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Calibri","sans-serif";color:#7F007F'>The 
Experts Who The Experts Call</span><span style='font-family:"Calibri","sans-serif"'><o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Calibri","sans-serif";color:#002060'>Juniper - Cisco – IBM</span><span style='font-size:10.5pt;font-family:"Calibri","sans-serif";color:#7F007F'><o:p></o:p></span></p></div></div></div><p class=MsoNormal><o:p> </o:p></p></div></div></div></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal>_______________________________________________<br>AusNOG mailing list<br><a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br><a href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a><o:p></o:p></p></div></blockquote><p class=MsoNormal><o:p> </o:p></p><p>Message protected by MailGuard: e-mail anti-virus, anti-spam and content filtering.<br><a href="http://www.mailguard.com.au/mg">http://www.mailguard.com.au/mg</a><o:p></o:p></p></div></body></html>