>> I think making use of self-signed certificates in production is a bad
>> idea because (1) it reinforces poor practices, namely electing to trust
>> a self-signed certificate and (2) it does not authenticate the
>> server/router, a critical piece of the TLS security model.

> maybe, but it's still better than sending all communication to the
> management interface as plain text.

>> My point of view is that we should delay HTTPS-by-default until we have
>> a scheme for establishing the identity of the router. Until then, we
>> should be honest and make use of HTTP.

What is the difference between transmitting packets containing cleartext and transmitting encrypted packets to a party whose identity you do not know?

> nobody is working on that, and in most cases it's not really possible. You
> always have a point where the user has to make the call of trusting the
> device's ID or code or something.

Yes. This is true, and trusting CAs is a specialization of this. I understand that we do not have a scheme yet, and the necessary out-of-band channels in a router are limited. What I am arguing is that just falling back on self-signed certificates in order to turn on HTTPS is not a good solution and is in fact counter-productive.

--
Mike
:wq