W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Moving forward on improving HTTP's security

From: Nicholas Hurley <hurley@todesschaf.org>
Date: Thu, 14 Nov 2013 10:44:54 -0800
Message-ID: <CANV5PPV91+GSWpha=H+_2=secdRS=bbvgOwMgGSutg02GvTXaw@mail.gmail.com>
To: Zhong Yu <zhong.j.yu@gmail.com>
Cc: (wrong string) ™ˆ™˜Œ) <willchan@chromium.org>, James M Snell <jasnell@gmail.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Michael Sweet <msweet@apple.com>, Nicolas Mailhot <nicolas.mailhot@laposte.net>, Willy Tarreau <w@1wt.eu>, Tao Effect <contact@taoeffect.com>, Tim Bray <tbray@textuality.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On Thu, Nov 14, 2013 at 10:37 AM, Zhong Yu <zhong.j.yu@gmail.com> wrote:

> What about web interfaces on home devices, like routers. They could
> benefit from HTTP/2.0, but not so much from TLS.

Why not? Do you really like the idea of anyone who happens to be on your
network being easily able to see your management password for your home
router? Perhaps you have a friend with a particularly malicious sense of
humor who might want to break your network. Or a wardriver who broke your
WEP encryption (which I still see plenty of in the wild). Or, for that
matter, your kids, who may be old enough to be wondering how to get around
those parental controls on your fancy new router? (Yeah, I pulled out the
"think of the children!" card - not my finest moment, but it's a valid
concern in some cases.)
Received on Thursday, 14 November 2013 18:45:22 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:38 UTC