
Captive-Portal Identification Using DHCP or Router Advertisements (RAs) - _jomo
https://tools.ietf.org/html/rfc7710
======
_jomo
I think this is much needed. Currently, devices try to make requests to
"special sites" [0] and compare the responses to hardcoded expectations.

The WiFi operators usually try to redirect to (or inject) the captive portal
site, where the DNS server and/or gateway do some MITM. If you use DNSCrpyt,
or if they only MITM on HTTP and you use a custom DNS server, then you'll
simply end up with connection errors. Connecting to a site with HTTPS
(intentionally or due to HSTS) will also fail because it can't be redirected.

The only way to fix this is obtaining a valid SSL CA cert to redirect HTTPS
traffic (not really :) - or this approach via DHCP/RAs.

0: e.g. [http://www.google.com/blank.html](http://www.google.com/blank.html),
[http://www.google.com/generate_204](http://www.google.com/generate_204)

