W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Moving forward on improving HTTP's security

From: Julian Reschke <julian.reschke@gmx.de>
Date: Thu, 14 Nov 2013 19:52:23 +0100
Message-ID: <52851BE7.2070000@gmx.de>
To: Nicholas Hurley <hurley@todesschaf.org>, Zhong Yu <zhong.j.yu@gmail.com>
CC: Mike Belshe <mike@belshe.com>, "William Chan (ι™ˆζ™Ίζ˜Œ)" <willchan@chromium.org>, James M Snell <jasnell@gmail.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Michael Sweet <msweet@apple.com>, Nicolas Mailhot <nicolas.mailhot@laposte.net>, Willy Tarreau <w@1wt.eu>, Tao Effect <contact@taoeffect.com>, Tim Bray <tbray@textuality.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On 2013-11-14 19:44, Nicholas Hurley wrote:
> On Thu, Nov 14, 2013 at 10:37 AM, Zhong Yu <zhong.j.yu@gmail.com
> <mailto:zhong.j.yu@gmail.com>> wrote:
>
>     What about web interfaces on home devices, like routers. They could
>     benefit from HTTP/2.0, but not so much from TLS.
>
>
> Why not? Do you really like the idea of anyone who happens to be on your
> network being easily able to see your management password for your home
> router? Perhaps you have a friend with a particularly malicious sense of
> humor who might want to break your network. Or a wardriver who broke
> your WEP encryption (which I still see plenty of in the wild). Or, for
> that matter, your kids, who may be old enough to be wondering how to get
> around those parental controls on your fancy new router? (Yeah, I pulled
> out the "think of the children!" card - not my finest moment, but it's a
> valid concern in some cases.)

So how does my home router get a certificate? In particular, if I need 
to configure it first to connect to the internet?

Best regards, Julian
Received on Thursday, 14 November 2013 18:52:56 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC