20.xx: postponse LuCI HTTPS per default

Alberto Bursi bobafetthotmail at gmail.com
Thu Nov 26 04:09:16 EST 2020



On 26/11/20 06:57, suchan wrote:
> 
> 2020-11-21 오전 12:31에 Fernando Frediani 이(가) 쓴 글:
>> Yes, exactly it is only an issue when someone have to access the web
>> interface via wifi. In a home environment that is a small issue. In a
>> more corporate environment there are two options: 1) access is done
>> via wired network or 2) enable HTTPS, which make more sense.
>>
>> Enabling HTTPS by default is still not worth in my view given the
>> extras that come with it and I like the idea of keep the default as
>> simple and possible. Yes it is nice to have everything ready and
>> automated to be done with a few clicks for those cases that require
>> it. In fact I think this would be a better solution for now so it will
>> be possible to gather gradually this transition (or not) from HTTP to
>> HTTPS even for local/lan applications and see how often people would
>> opt to use it.
>>
>> Still should it end up having HTTPS by default I see self-signed
>> certificates are the way to go. Yes there are the warnings and I
>> really don't think there is any issue with it.
>> Those accessing the router Web Interface are not 'normal' Internet
>> users and they know what they are doing so the warning from
>> self-signed certificates should not be a surprise for them.
>> And those cases when admins prefer they can always replace the
>> self-signed one for Let's Encrypt for example.
>>
>> Regards
>> Fernando
>>
> 
> if we move to https by default them it will include acme client by
> default too?
> 

We can't assume the device after installation will have internet access 
to request/renew a Let'sEncrypt certificate or something else from 
another provider, so I don't think including a client by default will be 
useful

-Alberto



More information about the openwrt-devel mailing list