Re: Moving forward on improving HTTP's security from Nicholas Hurley on 2013-11-14 (ietf-http-wg@w3.org from October to December 2013)

From: Nicholas Hurley <hurley@todesschaf.org>
Date: Thu, 14 Nov 2013 10:44:54 -0800
To: Zhong Yu <zhong.j.yu@gmail.com>
Cc: Mike Belshe <mike@belshe.com>, William Chan (陈智昌) <willchan@chromium.org>, James M Snell <jasnell@gmail.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Michael Sweet <msweet@apple.com>, Nicolas Mailhot <nicolas.mailhot@laposte.net>, Willy Tarreau <w@1wt.eu>, Tao Effect <contact@taoeffect.com>, Tim Bray <tbray@textuality.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CANV5PPV91+GSWpha=H+_2=secdRS=bbvgOwMgGSutg02GvTXaw@mail.gmail.com>

On Thu, Nov 14, 2013 at 10:37 AM, Zhong Yu <zhong.j.yu@gmail.com> wrote:

> What about web interfaces on home devices, like routers. They could
> benefit from HTTP/2.0, but not so much from TLS.
>

Why not? Do you really like the idea of anyone who happens to be on your
network being easily able to see your management password for your home
router? Perhaps you have a friend with a particularly malicious sense of
humor who might want to break your network. Or a wardriver who broke your
WEP encryption (which I still see plenty of in the wild). Or, for that
matter, your kids, who may be old enough to be wondering how to get around
those parental controls on your fancy new router? (Yeah, I pulled out the
"think of the children!" card - not my finest moment, but it's a valid
concern in some cases.)

Received on Thursday, 14 November 2013 18:45:22 UTC