On Thu, Oct 08, 2020 at 12:10:17AM +0200, Alberto Bursi wrote:
> On 07/10/20 15:34, abnoeh wrote:
>>> However, I think you are assuming a RA/DHCP-based WAN connection.
>>> For PPPoE (which is still a thing in a lot of places, including
>>> developing world, where last mile is often wifi), this won't work
>>> that well.
>>
>> at the end entire reason we need certificate is we having a
>> webserver, and all luci will do at the backend is running uci
>> command, can we run luci on client side, and send uci command to
>> ssh, wrap it all under the name of "easy-installer"?
>>
>> if we don't have webserver we don't need a certificate. or uhttpd, in
>> fact.
>
> Yeah, this is why Android/iOS apps should be considered as a way to
> approach this issue.

Not everybody (especially in the developing world, see above) has an
Android or iOS device. Also, such an app would still have to either:

1. disregard certificate errors, or
2. handle old (& maybe even revoked) OpenWRT CA signatures/certificates, or
3. be subject to the same limitations as a web browser, defeating the
   point of an app.

I guess you had 1 or 2 in mind, and I can see the appeal - I'm not
dismissing your suggestion. However, an app might not be quite the
panacea you imagine. 1 would be a security risk for app users, & 2
requires potentially uncomfortable trade-offs between security &
usability thus again slightly defeating the point of an app.

Ultimately, SSL/TLS on IoT is a hard problem: the two technologies are
currently not *fully* mutually compatible without imposing some burden
on the user.

--
A: When it messes up the order in which people normally read text.
Q: When is top-posting a bad thing?

()  ASCII ribbon campaign. Please avoid HTML emails & proprietary
/\  file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.