20.xx: postponse LuCI HTTPS per default
Alberto Bursi
bobafetthotmail at gmail.com
Fri Nov 20 12:44:12 EST 2020
On 20/11/20 17:47, W. Michael Petullo wrote:
>>> I think making use of self-signed certificates in production is a bad
>>> idea because (1) it reinforces poor practices, namely electing to trust
>>> a self-signed certificate and (2) it does not authenticate the
>>> server/router, a critical piece of the TLS security model.
>
>> maybe, but it's still better than sending all communication to the
>> management interface as plain text.
>
> What is the difference between transmitting packets containing cleartext
> and transmitting encrypted packets to a party whose identity you do
> not know?
What are you talking about? After the initial "pairing" process where
you see the warning, the browser remembers the certificate for all
subsequent connections.
If the certificate changes (and it will change only if you do a firmware
reset to default settings) you will see the the warning again.
So you are just changing a CA-based system to a local pairing system.
> What I am arguing is that just falling back on
> self-signed certificates in order to turn on HTTPS is not a good solution
> and is in fact counter-productive.
>
I disgree with your argument, self-signed certificates are NOT less
secure than http. Pairing is fine and secure even if you don't have the
certificate mafia to "assure" that something is trusted.
More information about the openwrt-devel
mailing list