W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Moving forward on improving HTTP's security

From: Roberto Peon <grmocg@gmail.com>
Date: Thu, 14 Nov 2013 12:28:08 -0800
Message-ID: <CAP+FsNcAm3Dkt=7GycnHwOOU=s1KfLubXGBCvdbihtLxdoL+gA@mail.gmail.com>
To: Julian Reschke <julian.reschke@gmx.de>
Cc: (wrong string) ™ˆ™˜Œ) <willchan@chromium.org>, HTTP Working Group <ietf-http-wg@w3.org>, Michael Sweet <msweet@apple.com>, James M Snell <jasnell@gmail.com>, Tim Bray <tbray@textuality.com>, Nicholas Hurley <hurley@todesschaf.org>, Tao Effect <contact@taoeffect.com>, Mike Belshe <mike@belshe.com>, Willy Tarreau <w@1wt.eu>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
A physical point to point connection would work well...
On Nov 14, 2013 8:53 AM, "Julian Reschke" <julian.reschke@gmx.de> wrote:

> On 2013-11-14 19:44, Nicholas Hurley wrote:
>> On Thu, Nov 14, 2013 at 10:37 AM, Zhong Yu <zhong.j.yu@gmail.com
>> <mailto:zhong.j.yu@gmail.com>> wrote:
>>     What about web interfaces on home devices, like routers. They could
>>     benefit from HTTP/2.0, but not so much from TLS.
>> Why not? Do you really like the idea of anyone who happens to be on your
>> network being easily able to see your management password for your home
>> router? Perhaps you have a friend with a particularly malicious sense of
>> humor who might want to break your network. Or a wardriver who broke
>> your WEP encryption (which I still see plenty of in the wild). Or, for
>> that matter, your kids, who may be old enough to be wondering how to get
>> around those parental controls on your fancy new router? (Yeah, I pulled
>> out the "think of the children!" card - not my finest moment, but it's a
>> valid concern in some cases.)
> So how does my home router get a certificate? In particular, if I need to
> configure it first to connect to the internet?
> Best regards, Julian
Received on Thursday, 14 November 2013 20:28:35 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:19 UTC