Hacker News new | ask | show | jobs
by lxgr 632 days ago
My point is precisely that current browsers and OSes make it impossible to ship a secure-by-default device running a local web server, NAS or otherwise.

Requiring users to install a globally trusted CA is a disaster from a security point of view (now my NAS vendor or anyone that hacks them can pose as google.com!), and for this reason doesn’t even work with modern Android apps anymore, for example.
1 comments
Dylan16807 631 days ago
Offering a layperson NAS buyer a self-signed cert is not "secure by default" even if browsers did accept it.
link
lxgr 631 days ago
Would it be less secure than unencrypted HTTP?
link
Dylan16807 631 days ago
No.

But if you want "secure by default" then neither one is acceptable.

link