Re: [RFC] self-signed certificates for LuCI

2020-09-01 Rich Brown
Besides the "project management" concerns expressed in my earlier note, I also share Karl Palsson's worries... > On Sep 1, 2020, at 9:04 AM, Karl Palsson wrote: > > With this change, the very first thing users see is a browser > warning telling the user very very very bad things about what > th

Re: [RFC] self-signed certificates for LuCI

2020-09-01 Karl Palsson
Paul Spooren wrote: > Hi team, > > I recently rewrote px5g[1] to use WolfSSL instead of MbedTLS, > as the former will be included in OpenWrt 20.x per default. Cool, more options for ssl libraries is always good. > > If px5g is added to the next release, certificates are > generated on first b

Re: [RFC] self-signed certificates for LuCI

2020-09-01 Bjørn Mork
Henrique de Moraes Holschuh writes: > It would be *nice* if we could easily deploy extremely restricted > self-signed CAs that can only sign a numeric pattern hostname under > .iot... That extremely restricted CA would get > "approved" by something from . that the browser would > use to stop pes

Re: [RFC] self-signed certificates for LuCI

2020-08-31 Hauke Mehrtens
On 8/31/20 8:34 PM, Michael Richardson wrote: > > Stijn Tintel wrote: > >> The question came up if we really want RSA certificates for LuCI or if > >> the faster and "more modern" ECC P-256 wouldn't be a better choice. > >> > >> If px5g is added to the next release, certificates a

Re: [RFC] self-signed certificates for LuCI

2020-08-31 Michael Richardson
Stijn Tintel wrote: >> The question came up if we really want RSA certificates for LuCI or if >> the faster and "more modern" ECC P-256 wouldn't be a better choice. >> >> If px5g is added to the next release, certificates are generated on >> first boot and most users are unlik

Re: [RFC] self-signed certificates for LuCI

2020-08-31 Henrique de Moraes Holschuh
On 31/08/2020 14:26, Michael Richardson wrote: Yes, many many many devices will break. But browser makers don't really care about that. This is a no-win situation until we can find a way to give proper names and certificates to devices. And offloading this into Let's Encrypt is **NOT** an answe

Re: [RFC] self-signed certificates for LuCI

2020-08-31 Michael Richardson
Bjørn Mork wrote: >> I have running code that deploys LetsEncrypt certificates to devices in the >> "factory". This requires a DNS name for dns-01 challenge. >> That's clearly not feasible for random end-users who flash openwrt on their own. >> I would like to explore some add

Re: [RFC] self-signed certificates for LuCI

2020-08-31 Michael Richardson
Paul Spooren wrote: > On 30.08.20 12:32, Michael Richardson wrote: >> Paul Spooren wrote: >> > I recently rewrote px5g[1] to use WolfSSL instead of MbedTLS, as the former >> > will be included in OpenWrt 20.x per default. >> >> > Both implementations support the generatio

Re: [RFC] self-signed certificates for LuCI

2020-08-31 Stijn Tintel
On 30/08/2020 10:57, Paul Spooren wrote: > The question came up if we really want RSA certificates for LuCI or if > the faster and "more modern" ECC P-256 wouldn't be a better choice. > > If px5g is added to the next release, certificates are generated on > first boot and most users are unlikely to

Re: [RFC] self-signed certificates for LuCI

2020-08-30 Bjørn Mork
Michael Richardson writes: > I have running code that deploys LetsEncrypt certificates to devices in the > "factory". This requires a DNS name for dns-01 challenge. > That's clearly not feasible for random end-users who flash openwrt on their > own. > I would like to explore some additional op

Re: [RFC] self-signed certificates for LuCI

2020-08-30 Paul Spooren
On 30.08.20 12:32, Michael Richardson wrote: Paul Spooren wrote: > I recently rewrote px5g[1] to use WolfSSL instead of MbedTLS, as the former > will be included in OpenWrt 20.x per default. > Both implementations support the generation of RSA and ECC keys, where uhttpd

Re: [RFC] self-signed certificates for LuCI

2020-08-30 Michael Richardson
Paul Spooren wrote: > I recently rewrote px5g[1] to use WolfSSL instead of MbedTLS, as the former > will be included in OpenWrt 20.x per default. > Both implementations support the generation of RSA and ECC keys, where uhttpd > currently defaults to RSA with 2048 keys. > T

Re: [RFC] self-signed certificates for LuCI

2020-08-30 Hauke Mehrtens
On 8/30/20 9:57 AM, Paul Spooren wrote: > Hi team, > > I recently rewrote px5g[1] to use WolfSSL instead of MbedTLS, as the > former will be included in OpenWrt 20.x per default. > > Both implementations support the generation of RSA and ECC keys, where > uhttpd currently defaults to RSA with 204

Re: [RFC] self-signed certificates for LuCI

2020-08-30 Rosen Penev
> On Aug 30, 2020, at 00:57, Paul Spooren wrote: > > Hi team, > > I recently rewrote px5g[1] to use WolfSSL instead of MbedTLS, as the former > will be included in OpenWrt 20.x per default. > > Both implementations support the generation of RSA and ECC keys, where uhttpd > currently default

[RFC] self-signed certificates for LuCI

2020-08-30 Paul Spooren
Hi team, I recently rewrote px5g[1] to use WolfSSL instead of MbedTLS, as the former will be included in OpenWrt 20.x per default. Both implementations support the generation of RSA and ECC keys, where uhttpd currently defaults to RSA with 2048 keys. The question came up if we really want R