Ralph Ronnquist wrote:
>> Since the HTTPS certification principle is based on domain names, it's hard
>> to understand in general how routers would be able to hold such certificates
>> (installed by vendors), and if they could, what value that would have in
>> terms of security.

They don't, and it doesn't! IME, typical home routers tend to give the local LAN a TLD like ".lan", and when offline have a nasty "user friendly" feature of screwing with the DNS to point the user's browsers at something like router.lan which resolves to itself. Thus the router only needs a cert for router.lan - which as Adam points out is worthless for security since anyone could extract the private keys from a firmware update image. And in practice, I doubt that the cert ever gets renewed - by the time it expires, the vendor will consider the model obsolete.

Adam Borowski <[email protected]> wrote:
> The only problem here is renewal of those certs -- a router that was offline
> for a while or is in a network that doesn't allow phoning home risks having
> its cert expire.

As above, I doubt if many, if any, actually bother to update the cert.
