20.xx: postponse LuCI HTTPS per default

Alberto Bursi bobafetthotmail at gmail.com
Fri Nov 20 11:09:06 EST 2020 


On 20/11/20 16:31, Fernando Frediani wrote:
> Yes, exactly it is only an issue when someone have to access the web 
> interface via wifi. In a home environment that is a small issue.

Not sure how it is a small issue when wifi is the main method used to 
connect to a router and the Internet in a home environment.

> In a 
> more corporate environment there are two options: 1) access is done via 
> wired network or 2) enable HTTPS, which make more sense.

which means that now everyone that wants a secure system has to go for 
additional setup steps, or compile/assemble their own firmware images.

And this for what, because of a one-time popup in the browser?

> 
> Enabling HTTPS by default is still not worth in my view given the extras 
> that come with it and I like the idea of keep the default as simple and 
> possible. 

It is literally one additional click on a button in the browser, and you 
will never see that warning again in that browser after that.

This is nothing if compared to the learning curve to actually install 
and configure OpenWrt additional functionality on a new device.

The only thing I can accept as a valid complaint against https by 
default is the increased minimum space requirements, everything else I 
really don't understand nor agree with.


> Yes it is nice to have everything ready and automated to be 
> done with a few clicks for those cases that require it. In fact I think 
> this would be a better solution for now so it will be possible to gather 
> gradually this transition (or not) from HTTP to HTTPS even for local/lan 
> applications and see how often people would opt to use it.
> 
> Still should it end up having HTTPS by default I see self-signed 
> certificates are the way to go. Yes there are the warnings and I really 
> don't think there is any issue with it.
> Those accessing the router Web Interface are not 'normal' Internet users 
> and they know what they are doing so the warning from self-signed 
> certificates should not be a surprise for them.
> And those cases when admins prefer they can always replace the 
> self-signed one for Let's Encrypt for example.
> 
> Regards
> Fernando


-Alberto

More information about the openwrt-devel mailing list