W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Moving forward on improving HTTP's security

From: Zhong Yu <zhong.j.yu@gmail.com>
Date: Thu, 14 Nov 2013 13:43:59 -0600
Message-ID: <CACuKZqEzvCeRNRbPwxB5w+jAidZtvBpwATcpJHUxcT8-xZB7uA@mail.gmail.com>
To: Nicholas Hurley <hurley@todesschaf.org>
Cc: (wrong string) ™ˆ™˜Œ) <willchan@chromium.org>, James M Snell <jasnell@gmail.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Michael Sweet <msweet@apple.com>, Nicolas Mailhot <nicolas.mailhot@laposte.net>, Willy Tarreau <w@1wt.eu>, Tao Effect <contact@taoeffect.com>, Tim Bray <tbray@textuality.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On Thu, Nov 14, 2013 at 12:44 PM, Nicholas Hurley <hurley@todesschaf.org> wrote:
> On Thu, Nov 14, 2013 at 10:37 AM, Zhong Yu <zhong.j.yu@gmail.com> wrote:
>>
>> What about web interfaces on home devices, like routers. They could
>> benefit from HTTP/2.0, but not so much from TLS.
>
>
> Why not? Do you really like the idea of anyone who happens to be on your
> network being easily able to see your management password for your home
> router? Perhaps you have a friend with a particularly malicious sense of
> humor who might want to break your network. Or a wardriver who broke your
> WEP encryption (which I still see plenty of in the wild). Or, for that
> matter, your kids, who may be old enough to be wondering how to get around
> those parental controls on your fancy new router? (Yeah, I pulled out the
> "think of the children!" card - not my finest moment, but it's a valid
> concern in some cases.)

It'll be too fun to contemplate attack factors from close family
members. There are so many security holes in your house if your
resourceful child is an adversary. The router could even be replaced
without you knowing it.
Received on Thursday, 14 November 2013 19:44:26 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC