20.xx: postponse LuCI HTTPS per default

Alberto Bursi bobafetthotmail at gmail.com
Fri Nov 20 15:58:43 EST 2020



On 20/11/20 20:23, Paul Spooren wrote:
> On Fri Nov 20, 2020 at 7:35 AM HST, Adrian Schmutzler wrote:
>> Hi,
>>
>>> -----Original Message-----
>>> From: openwrt-devel [mailto:openwrt-devel-bounces at lists.openwrt.org]
>>> On Behalf Of Alberto Bursi
>>> Sent: Freitag, 20. November 2020 17:32
>>> To: openwrt-devel at lists.openwrt.org
>>> Subject: Re: 20.xx: postponse LuCI HTTPS per default
>>>
>>>
>>>
>>> On 20/11/20 17:17, Fernando Frediani wrote:
>>>> Hi Alberto
>>>>
>>>> On 20/11/2020 13:09, Alberto Bursi wrote:
>>>>>
>>>>> <clip>
>>>>>
>>>>> The only thing I can accept as a valid complaint against https by
>>>>> default is the increased minimum space requirements, everything else
>>>>> I really don't understand nor agree with.
>>>>
>>>> It's exactly this I am referring to when I talk about the extras not
>>>> the steps the user will take to enable it. So why I mentioned to leave
>>>> it as optional and easy to do for those who wish (and have space) to have
>>> it.
>>>>
>>>
>>> Devices with low flash space (and RAM) are already receiving special
>>> treatment (different compile options, different default packages) to lower
>>> space footprint.
>>>
>>> These devices can (should?) be left out of the "https by default" easily.
>>
>> No, this is not an option. We certainly won't have (read "maintain")
>> _two_ defaults for a matter like this.
>>
>> Apart from that, this discussion was not intended to discuss the various
>> options _again_, but to ask whether we should have "https by default" as
>> a _blocker_ for the next release.
>> Personally, since the discussion seems to be as open and unresolved as a
>> few months ago, I'm against making this a blocker. I'm curious where the
>> whole topic evolves to, but that's not the subject of this thread.
> 
> How about we use `luci-ssl` per default but set `redirect_https` to 0.
> This way everyone can access in a secure way, without changing the
> current user experience.
> 
> An optional combination of Luiz idea could warn the users using HTTP,
> allowing to "ignore" or "activate redirect".
> 
> I think that's a feasible solution for 20.xx. Spinning up a massive
> HTTPS dDNS or defining a new standard accepted in all common browsers
> seems a bit out of scope, for now.
> 
> Paul
> 

I'm not sure what you are accomplishing with this beyond increasing the 
default image size.

The way I see it, we either switch to https by default or we don't.

Adding luci-ssl without redirect manages to annoy both types of users 
for no reason imho.

It is just bloat for people using http, it's inconvenient for those that 
use https and would have liked the redirect to work by default

-Alberto



More information about the openwrt-devel mailing list