"Paul Spooren" <m...@aparcar.org> writes: > The current list of release goals for 20.xx states[0] that LuCI should > use HTTPS per default. This works by creating on-device a self-signed > certificate. Self-signed certificates result in warnings and may cause > more harm than good, multiple discussion are found in the mail archive.
I believe the certificate discussion is a side-track. The problem you are trying to solve is not specific to OpenWrt. I am all for making OpenWrt better than the rest of the world, but there's gotta be some realistic limits to that.. Every embedded device with https support use a self-signed sertificate of some sort today. OpenWrt can do that too. Doing so does not prevent a better solution in the future, if there ever is one. The underlying issue should be considered a browser security bug IMHO. Failing to support standalone embedded https is compromising security by making certificate warnings unavoidable. Bjørn _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
