20.xx: postponse LuCI HTTPS per default
Bjørn Mork
bjorn at mork.no
Fri Nov 20 04:54:32 EST 2020
"Paul Spooren" <mail at aparcar.org> writes:
> The current list of release goals for 20.xx states[0] that LuCI should
> use HTTPS per default. This works by creating on-device a self-signed
> certificate. Self-signed certificates result in warnings and may cause
> more harm than good, multiple discussion are found in the mail archive.
I believe the certificate discussion is a side-track. The problem you
are trying to solve is not specific to OpenWrt. I am all for making
OpenWrt better than the rest of the world, but there's gotta be some
realistic limits to that..
Every embedded device with https support use a self-signed sertificate
of some sort today. OpenWrt can do that too. Doing so does not prevent
a better solution in the future, if there ever is one.
The underlying issue should be considered a browser security bug IMHO.
Failing to support standalone embedded https is compromising security by
making certificate warnings unavoidable.
Bjørn
More information about the openwrt-devel
mailing list