Comment by lxgr

Comment by lxgr 2 days ago

My point is precisely that current browsers and OSes make it impossible to ship a secure-by-default device running a local web server, NAS or otherwise.

Requiring users to install a globally trusted CA is a disaster from a security point of view (now my NAS vendor or anyone that hacks them can pose as google.com!), and for this reason doesn’t even work with modern Android apps anymore, for example.

Dylan16807 a day ago

Offering a layperson NAS buyer a self-signed cert is not "secure by default" even if browsers did accept it.

  • lxgr a day ago

    Would it be less secure than unencrypted HTTP?

    • Dylan16807 18 hours ago

      No.

      But if you want "secure by default" then neither one is acceptable.