On 20/11/20 16:31, Fernando Frediani wrote:
Yes, exactly it is only an issue when someone have to access the web
interface via wifi. In a home environment that is a small issue.
Not sure how it is a small issue when wifi is the main method used to
connect to a router and the Internet in a home environment.
In a
more corporate environment there are two options: 1) access is done via
wired network or 2) enable HTTPS, which make more sense.
which means that now everyone that wants a secure system has to go for
additional setup steps, or compile/assemble their own firmware images.
And this for what, because of a one-time popup in the browser?
Enabling HTTPS by default is still not worth in my view given the extras
that come with it and I like the idea of keep the default as simple and
possible.
It is literally one additional click on a button in the browser, and you
will never see that warning again in that browser after that.
This is nothing if compared to the learning curve to actually install
and configure OpenWrt additional functionality on a new device.
The only thing I can accept as a valid complaint against https by
default is the increased minimum space requirements, everything else I
really don't understand nor agree with.
Yes it is nice to have everything ready and automated to be
done with a few clicks for those cases that require it. In fact I think
this would be a better solution for now so it will be possible to gather
gradually this transition (or not) from HTTP to HTTPS even for local/lan
applications and see how often people would opt to use it.
Still should it end up having HTTPS by default I see self-signed
certificates are the way to go. Yes there are the warnings and I really
don't think there is any issue with it.
Those accessing the router Web Interface are not 'normal' Internet users
and they know what they are doing so the warning from self-signed
certificates should not be a surprise for them.
And those cases when admins prefer they can always replace the
self-signed one for Let's Encrypt for example.
Regards
Fernando
-Alberto
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
