Adam Borowski wrote on 15/07/18 11:51:
On Sun, Jul 15, 2018 at 08:14:20AM +1000, Ralph Ronnquist wrote:
Since the HTTPS certification principle is based on domain names, it's hard
to understand in general how routers would be able to hold such certificates
(installed by vendors), and if they could, what value that would have in
terms of security.
The only problem here is renewal of those certs -- a router that was offline
for a while or is in a network that doesn't allow phoning home risks having
its cert expire.
There's no reason why you can't have multiple certs for the same name; any
CA will gladly give you thousands of cert-key pairs, and while they'll
charge more for such a special case the per-router price will still be
peanuts.
Either you are joking, or I am being thick (or both, perhaps), but how
could the vendor know beforehand what I want as domain name for my router?
[snip]
No need to discuss things that aren't.
Ralph.
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
