Using the HTTPS port for firmware downloads seems badly implemented to me.
I'm wondering if anyone can shed some light on what the thinking is behind moving firmware downloads behind the HTTPS port. I have a couple of issues with it.
- We used to be able to lock admin access to our controller down really well. It was only accessible from a couple of known-good, local machines. Now that the HTTPS admin port is required to update devices, we have to leave the admin interface open to the whole world.
- It's extremely difficult / impossible to put the controller admin behind a reverse proxy because client devices appear to omit SNI. In addition to that, it looks like client devices don't validate SSL. I can expose the controller directly with a self-signed certificate and everything works.
From the little bit that I looked at it today, I'm left with the impression the SSL and security end of things aren't the best. I'd really like to know how clients verify the payload they're getting to ensure it hasn't been tampered with.
I also want to emphasize how bad an idea I think it is to commingle the admin interface with functionality required for client devices, which forces us to expose the admin interface to the world. If everything needs to be run on a single port, admin functionality should at least be segregated into a sub-path like /admin/ and the controller should work behind a reverse proxy so we can restrict the admin URLs.
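As an added illustration of the path-based restriction proposed above (example configuration, not part of the original post and not the controller vendor's own documentation), here is an nginx reverse-proxy fragment that exposes only a firmware download path to the network while limiting the admin sub-path to known-good addresses. The controller is assumed to listen on 127.0.0.1:8443, the admin path is assumed to be /admin/ as the post suggests, and /firmware/ is a placeholder for whatever path the client devices actually request; the allowed addresses are constructed RFC 1918 examples.

```nginx
# Added example: terminate TLS at nginx and split admin vs. device traffic by path.
# Declared as default_server so a client that omits SNI still reaches this block.
server {
    listen 443 ssl default_server;
    server_name controller.example.internal;   # assumption: hostname chosen for illustration

    ssl_certificate     /etc/nginx/tls/controller.crt;  # placeholder paths
    ssl_certificate_key /etc/nginx/tls/controller.key;

    # Admin UI: reachable only from the two management hosts (constructed addresses).
    location /admin/ {
        allow 10.0.5.10;
        allow 10.0.5.11;
        deny  all;
        proxy_pass https://127.0.0.1:8443;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

    # Firmware path (placeholder): device-facing, so no source restriction,
    # but only GET/HEAD are forwarded.
    location /firmware/ {
        limit_except GET HEAD { deny all; }
        proxy_pass https://127.0.0.1:8443;
        proxy_set_header Host $host;
    }

    # Everything else on the port is refused rather than leaked through.
    location / {
        return 403;
    }
}
```

The point of the fragment is that the access-control decision moves to the proxy, where `allow`/`deny` lists per `location` are cheap to audit; the controller's own listener is bound to loopback so it cannot be reached except through these two paths. It is an assumption that the controller tolerates a proxy in front of it and that the device-facing endpoints sit under a single path prefix; if the vendor's firmware endpoints are spread across the tree, the `location` blocks would have to be enumerated from the controller's actual request logs rather than guessed.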