On Friday, 13 September 2019 12:36:56 UTC+2, Henri Sivonen wrote: > On Fri, Sep 13, 2019 at 3:09 AM Martin Thomson wrote: > > > > On Thu, Sep 12, 2019 at 5:50 PM Henri Sivonen wrote: > >> > >> Do we know what the situation looks like for connections to RFC 1918 > >> addresses? > > > > That's a hard one to even speculate about, and that's all we really have > > there. Our telemetry doesn't really allow us to gain insight into that. > > I see. > > > The big question being enterprise uses, where there is some chance of > > having names on servers in private address space. Most use of 1918 outside > > of enterprise is likely still unsecured entirely. > > I was thinking of home printer, NAS and router config UIs that are > unsecured in the sense of using self-signed certificates but that > still use TLS, so that TLS matters for practical compatibility. I > don't know of real examples of devices that both use TLS exclusively > and don't support TLS 1.2. (My printer redirects http to https with > self-signed cert but supports TLS 1.2.) > > -- > Henri Sivonen >
I would agree that these changes and changes that have already occurred over the last year or so, have broken access to admin consoles of older networking kit. I had to pull a WinXP machine out of storage recently to manage an HP 2610 switch. Granted some of these may be edge cases, but it would be nice to have some exclusion system or exclusions for rfc1918 spaces for cases like self-signed certs and similar issues, even if it's an advanced Preferences selection and not on the error page itself. _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
