On 20/11/20 17:47, W. Michael Petullo wrote:
I think making use of self-signed certificates in production is a bad
idea because (1) it reinforces poor practices, namely electing to trust
a self-signed certificate and (2) it does not authenticate the
server/router, a critical piece of the TLS security model.
maybe, but it's still better than sending all communication to the
management interface as plain text.
What is the difference between transmitting packets containing cleartext
and transmitting encrypted packets to a party whose identity you do
not know?
What are you talking about? After the initial "pairing" process where
you see the warning, the browser remembers the certificate for all
subsequent connections.
If the certificate changes (and it will change only if you do a firmware
reset to default settings) you will see the the warning again.
So you are just changing a CA-based system to a local pairing system.
What I am arguing is that just falling back on
self-signed certificates in order to turn on HTTPS is not a good solution
and is in fact counter-productive.
I disgree with your argument, self-signed certificates are NOT less
secure than http. Pairing is fine and secure even if you don't have the
certificate mafia to "assure" that something is trusted.
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
