Do LAN sites need HTTPS? IE wifi router, printer, fax control panel?
I am pro-HTTP for these use cases for as long as browsers have more serious warnings against self signed certs, old SSL/TLS versions and weak algo choices than the warnings for HTTP.
Hardware deserves to be supported as long as it physically works rather than as long as its embedded TLS stays supported
> Do LAN sites need HTTPS? IE wifi router, printer, fax control panel?
Of course. All traffic needs to be encrypted. Why must these not be encrypted?
> I am pro-HTTP for these use cases for as long as browsers have more serious warnings against self signed certs, old SSL/TLS versions and weak algo choices than the warnings for HTTP.
IMO, HTTP-over-TCP support should have been removed from all browsers years ago, solving your self-cert vs HTTP problem.
Good solutions for the LAN use case have been rather weak so far. The two categories of solutions are a) a CA for your LAN. People are OK using this for things like dev servers on localhost, but what you want is to have router that issues DHCP leases also issue IP certs for local devices. b) TLS-TOFU for self-certs. We can even do this over the public web too, but we can also treat self-signed certs on LAN vs. public web differently and report when the identity behind the IP has changed. (Generally a bad idea over the public web because we want to allow key rotation, but that might be fixable by adding multiple keys or some hack like publishing the next key into .well-known/next-key or something -- I'm riffing here.)
> Hardware deserves to be supported as long as it physically works rather than as long as its embedded TLS stays supported
Why? Or put differently, if the manufacturer has stopped providing firmware updates, they've unsupported it no matter what the rest of the world has done. Why should the rest of the world compromise security by design in order to only partially not-break a hardware device that the manufacturer doesn't support? In this one exact scenario? Maybe in the future we can provide a small ethernet-to-ethernet (or wifi-to-wifi) device that wraps a single old TLS device and provides a modern interface to it, if support is that important.
The argument I have in favour of not requiring encryption is best summarised by what you have outlined. It would require a massive industry shift towards no obvious solution with no backwards compatibility that doesn't solve anything
Until I hear a convincing story of how I will do the usual lan tasks of
- connect to my router to fiddle with settings
- see the management interface on my printer
- join my parents network and do things for them without having to explicitly trust a CA
- And most importantly, see consumers who don't understand any of those things be able to do these things all out of the box
I can't see how it is a viable expectation
I totally love encryption. It's great. But seriously: what domain will I visit to fix my pppoe settings. Who's going to control that domain, and who's going to renew the certs for it. Because if the answer we will expect consumers and SMEs to trust a certificate authority created by a factory with its own crappy security practices, I'm not sure how that's an improvement
Otherwise we are breaking things to "fix" something that doesn't "fix" anything. if someone is MITMing my lan, it doesn't matter whether my router is TLS or not. it's compromised
I am pro-HTTP for these use cases for as long as browsers have more serious warnings against self signed certs, old SSL/TLS versions and weak algo choices than the warnings for HTTP.
Hardware deserves to be supported as long as it physically works rather than as long as its embedded TLS stays supported