[RFC] self-signed certificates for LuCI
Rich Brown
richb.hanover at gmail.com
Tue Sep 1 10:58:08 EDT 2020
Besides the "project management" concerns expressed in my earlier note, I also share Karl Palsson's worries...
> On Sep 1, 2020, at 9:04 AM, Karl Palsson <karlp at tweak.net.au> wrote:
>
> With this change, the very first thing users see is a browser
> warning telling the user very very very bad things about what
> they would have to do to continue, and we are simply going to
> train users to "just click through the warnings" I see that as a
> serious step backwards for security and society as a whole.
I see the last sentence as the most important one. Training people to, "Just click through..." without an ounce of preparation (making them check a box/install a cert/etc.) is BAD.
Sorry for the apolyptic language. But we can hold this off 'til after we release 20.0x to be sure we have all our ducks in a row. Thanks for listening.
Rich
More information about the openwrt-devel
mailing list