20.xx: postpone LuCI HTTPS per default

Alberto Bursi bobafetthotmail at gmail.com
Fri Nov 20 11:32:10 EST 2020



On 20/11/20 17:17, Fernando Frediani wrote:
> Hi Alberto
> 
> On 20/11/2020 13:09, Alberto Bursi wrote:
>>
>> <clip>
>>
>> The only thing I can accept as a valid complaint against https by 
>> default is the increased minimum space requirements, everything else I 
>> really don't understand nor agree with.
> 
> It's exactly this I am referring to when I talk about the extras not the 
> steps the user will take to enable it. So why I mentioned to leave it as 
> optional and easy to do for those who wish (and have space) to have it.
> 

Devices with low flash space (and RAM) are already receiving special 
treatment (different compile options, different default packages) to 
lower space footprint.

These devices can (should?) be left out of the "https by default" easily.

But I would be strongly against degrading security for everyone just 
because of these devices.

-Alberto

> Regards
> Fernando
> 
>>
>>
>>> Yes it is nice to have everything ready and automated to be done with 
>>> a few clicks for those cases that require it. In fact I think this 
>>> would be a better solution for now so it will be possible to gather 
>>> gradually this transition (or not) from HTTP to HTTPS even for 
>>> local/lan applications and see how often people would opt to use it.
>>>
>>> Still should it end up having HTTPS by default I see self-signed 
>>> certificates are the way to go. Yes there are the warnings and I 
>>> really don't think there is any issue with it.
>>> Those accessing the router Web Interface are not 'normal' Internet 
>>> users and they know what they are doing so the warning from 
>>> self-signed certificates should not be a surprise for them.
>>> And those cases when admins prefer they can always replace the 
>>> self-signed one for Let's Encrypt for example.
>>>
>>> Regards
>>> Fernando
>>
>>
>> -Alberto
>>
>> _______________________________________________
>> openwrt-devel mailing list
>> openwrt-devel at lists.openwrt.org
>> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
> 


