- From: Zhong Yu <zhong.j.yu@gmail.com>
- Date: Thu, 14 Nov 2013 13:43:59 -0600
- To: Nicholas Hurley <hurley@todesschaf.org>
- Cc: Mike Belshe <mike@belshe.com>, William Chan (???) <willchan@chromium.org>, James M Snell <jasnell@gmail.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Michael Sweet <msweet@apple.com>, Nicolas Mailhot <nicolas.mailhot@laposte.net>, Willy Tarreau <w@1wt.eu>, Tao Effect <contact@taoeffect.com>, Tim Bray <tbray@textuality.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On Thu, Nov 14, 2013 at 12:44 PM, Nicholas Hurley <hurley@todesschaf.org> wrote: > On Thu, Nov 14, 2013 at 10:37 AM, Zhong Yu <zhong.j.yu@gmail.com> wrote: >> >> What about web interfaces on home devices, like routers. They could >> benefit from HTTP/2.0, but not so much from TLS. > > > Why not? Do you really like the idea of anyone who happens to be on your > network being easily able to see your management password for your home > router? Perhaps you have a friend with a particularly malicious sense of > humor who might want to break your network. Or a wardriver who broke your > WEP encryption (which I still see plenty of in the wild). Or, for that > matter, your kids, who may be old enough to be wondering how to get around > those parental controls on your fancy new router? (Yeah, I pulled out the > "think of the children!" card - not my finest moment, but it's a valid > concern in some cases.) It'll be too fun to contemplate attack factors from close family members. There are so many security holes in your house if your resourceful child is an adversary. The router could even be replaced without you knowing it.
Received on Thursday, 14 November 2013 19:44:26 UTC