-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Collect use cases #1
Comments
I think that the above link "userCases.md" is missing. The link should be changed as follows. (Original) https://github.com/httpslocal/usecases/issues/UseCases.md |
Corrected. |
Not exactly use cases, but here's a list of LAN-connected consumer products that do (or could) provide a browser interface to their users:
|
@ecorm LGTM. I'm happy with these good suggestions. We can still add an additional use case that has not been technically covered in the current UseCases.md. At least, I'd like to check if there would be any technical gap between the current use cases and the products listed above. @dajiaji @igarashi50 Any comments or thoughts? |
One scenario that is not covered is a private LAN that has no connection to the general Internet. This is very common in industrial automation. The desire for HTTPS is to prevent unauthorized users that may gain physical access to this LAN from also gaining access to the industrial devices, and to prevent same from 'spoofing' the industrial devices. At present, these networks tend to completely rely on physical security, which has obvious limitations. |
@ecorm Thank you for the information. Good to know that there is an activity that has the same purpose as us. I think TLS-SRP can be one of the candidate solutions for HTTPS in local network, too. We will add the information to RelevantSpecs.md and other related documents. Thanks. |
You already have the home-automation use case on the list, but I'd like to reinforce this aspect. Currently, many home automation providers - be them open source such as home assistant/iobroker, or consumer gadgets like Nuki, Nest, Alexa or professional solutions (I know a few very large, German home automation manufacturers that are affected) - only allow HTTP connections, or allow HTTPS connections and take into account that the user will be presented a very dangerously looking warning by the browser (when accessed by a human) or implement HTTPS security only partially (when accessed by another machine). I think this is very unfortunate, and it's harming the "Smart Home" scenario as a whole, and I'm glad that you are working on changing this. I'd be glad if you could provide you with further information regarding requirements in smart home / IoT scenarios, if required. |
@dajiaji Unfortunately, this host does not seem to be available, anymore. (ERR_CONNECTION_TIMED_OUT) |
@daniel-kun Thanks for your comment! Your point is one of the reasons why we formed the Community Group. Since our use case document has not been completed yet, we'll end up refining the document sooner or later.
Thanks for sharing. It's a great, exhaustive work. I'm thinking about the solutions similar to your proposal 1.a. and 2. Especially, I strongly agree with your following opinion.
|
Oh, sorry but it's uncontrollable for me... |
I think that this could be the source: |
It has already been mentioned, but I still don't see a use case where the font page is fetched locally instead of from internet. Maybe a NAS would be a good use-case for this ? |
@Zenkibou You don't want to be unable to print when the internet is down, do you? :-) |
Use case:
I cobbled together a prototype using existing web technologies if this body is interested. |
we would like to collect use cases where browsers communicate with web-server-capable via HTTP and/or WebSocket over TLS, for the purpose of clarifying network and security requirements. Summary of TPAC breakout session would be useful to understand why considering use of HTTPS/WSS seems to be necessary for devices in local network.
If you find another use case, please submit a Pull Request to add it to UseCases.md, or add your comment to this issue.
The text was updated successfully, but these errors were encountered: