On 6/12/19 3:18 PM, Michael Richardson wrote:
Michael Thomas <[email protected]> wrote:
     >> Secondary admins are encouraged to guard against loss/destruction of mobile
     >> phone, and it is also possible to enroll a second time, provided the
     >> manufacturer agrees (this is both a feature and a bug)
     >>
     >> The code is at https://github.com/CIRALabs/
     >>

     > I'm not sure we're talking about the same thing? I'm just talking about the
     > normal web interface that home routers have to hand configure them. There's
     > no need for certs at all.

Yes, that's what I'm talking about.
Yes, there is a need for strong security.

The bad guys are inside already, they send trojans, and if the router has
passwords ("admin"/"admin"), then the bad guys just change the security
policy.

They don't do this now, because they don't need to, our home routers are
basically Swiss cheese in the outbound direction, but I'm sure they will
learn.  Particularly, it will be easy if we have a standard (or
de-facto standard) API.  At this point, the luci interface is probably easily
automated.

Modern browsers practically don't let you even type passwords in over HTTP
now, so you really really really need a certificate for the inside of the
router, and it needs to be valid.
Oh, sorry, I wasn't thinking about TLS. Obviously you need server certs for that. I was thinking about the client side authentication which is what webauthn is for, and it doesn't require certs of any kind, iirc.

     > I wrote a blog post which considered the enrollment problem of a
     > webauthn-like protocol (way before webauthn was even started). I'm not sure
     > if it works for the special case of a home router though.

     > http://rip-van-webble.blogspot.com/2012/06/using-asymmetric-keys-for-web-joinlogin.html

     > Enrollment, of course, is out of scope for webauthn, per se.

I'll read it.

Thanks, it's probably pretty dated by now, especially all of the crypto hackery :). The thing that I'm not sure about is whether the out-of-band method for adding clients would work in a home router situation. My solution required the server (ie, the router) to send email to somebody. It could be sms too, but it's not very clear that email from a naked router ip address would be very effective since, like, nobody accepts email from home net ranges. I guess in theory you could configure a mail account for the router, but that seems sort of like a non-starter. But there may be other ways to finesse this.

Mike


_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
