Re: [OpenWrt-Devel] HTTPS with 'letsencrypt.org' on OpenWrt

2015-09-26 Thread Michael Richardson

Joris de Vries wrote:
> I would be interested in this as well, although I'm not sure how useful
> this is without configuring a good hostname for routers, also maybe
> automatically.

Fundamentally, this is the problem for devices without names.
I just don't think that Let's Encrypt is going to be at all helpful for the
users that are most vulnerable.

This applies to openwrt routers, but also to things like ILOMs (e.g. Dell
iDRAC systems) and also things like a home NAS appliance.

What we need is a variation on the Extended Validation Cert: a cert that the
browser recognizes as having a DN that binds to the device's MAC address.
The browser would then put that into the Location bar. Of course this is an
entirely new beast, but I don't see another way to intelligently get a
certificate for a router without a name.

--
]   Never tell me the odds! | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works| network architect  [
] m...@sandelman.ca  http://www.sandelman.ca/|   ruby on rails[
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


Re: [OpenWrt-Devel] HTTPS with 'letsencrypt.org' on OpenWrt

2015-09-25 Thread Joris de Vries
I would be interested in this as well, although I'm not sure how useful this is 
without configuring a good hostname for routers, also maybe automatically. That 
said, from what I can see there are two options to achieve this.

The first and probably the easiest would be to port their tool to OpenWrt. It
has a list of required modules
(https://github.com/letsencrypt/letsencrypt/blob/master/setup.py) and I'm not
sure how one would go about building it. Furthermore, it is built in Python,
although I'm unsure if that builds to an acceptable size? Although to be honest
it seems that about 50% of the routers in the ToH have at least 8 MB (capitals)
of storage which I guess might fit.

The second option would be to implement the standard they use (ACME,
https://github.com/letsencrypt/acme-spec) in an OpenWrt specific tool. This
might have the added advantage of being easier to integrate with the http
server OpenWrt uses, as I understand that one of the ways to verify a domain is
to create a resource at some path on the server.

Cheers,

Joris

> On 25 Sep 2015, at 15:48, Sami Olmari wrote:
>
> I have not, I am waiting eagerly for Let's Encrypt to go fully public. That being
> said I have no deep knowledge of inner workings of the tool(s), but I do hope
> that some day openwrt would also have package for this, or some method to
> achieve this :) Will alpha and beta test for sure should there ever be baked
> something for this! Mine .2
>
>  Sami Olmari
>
> On Fri, Sep 25, 2015 at 11:32 AM, Bastian Bittorf wrote:
> has anyone played with let's encrypt and their API?
> http://letsencrypt.readthedocs.org/en/latest/api.html
>
> at the moment they are doing really complicated stuff,
> but maybe it's possible to hack something simply with
> the built JSON-tools and curl?
> 
> bye, bastian

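An added example, not part of any poster's message and not Let's Encrypt or OpenWrt code: the "resource at some path" check mentioned above, done with plain shell in the spirit of the curl-and-shell approach asked about in the thread. It assumes the http-01 challenge form later standardized in RFC 8555 (the 2015 draft linked in the thread may differ in detail) and an `openssl` command-line tool on the device; the function names and sample values are hypothetical and constructed.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes the RFC 8555 http-01 form.

# base64url without padding, as JOSE/ACME use it.
b64url() { openssl base64 -A | tr '+/' '-_' | tr -d '='; }

# RFC 7638 thumbprint of an RSA account key: SHA-256 over the JWK's required
# members in lexicographic order with no whitespace.
# $1 = modulus n, $2 = exponent e, both already base64url-encoded.
jwk_thumbprint() {
    printf '{"e":"%s","kty":"RSA","n":"%s"}' "$2" "$1" |
        openssl dgst -sha256 -binary | b64url
}

# Key authorization the CA expects to read back: token "." thumbprint.
# $1 = token, $2 = n, $3 = e
key_authorization() {
    printf '%s.%s' "$1" "$(jwk_thumbprint "$2" "$3")"
}

# Publish the response under the web root ($1). The token ($2) is chosen by
# the remote CA and becomes a file name, so accept only base64url characters:
# that rejects "/" and ".." before anything is written to the router's disk.
write_challenge() {
    case "$2" in
        ''|*[!A-Za-z0-9_-]*) echo "rejecting token: $2" >&2; return 1 ;;
    esac
    challenge_dir="$1/.well-known/acme-challenge"
    mkdir -p "$challenge_dir" && printf '%s' "$3" > "$challenge_dir/$2"
}

# Constructed sample values: not a real RSA modulus and not a real CA token,
# only enough to show the file name and file content that get published.
SAMPLE_N="q1w2e3r4t5y6u7i8o9p0_constructed-modulus"
SAMPLE_E="AQAB"
SAMPLE_TOKEN="constructed-token_0123456789"

# Usage (web root path is an assumption):
#   ka=$(key_authorization "$SAMPLE_TOKEN" "$SAMPLE_N" "$SAMPLE_E")
#   write_challenge /www "$SAMPLE_TOKEN" "$ka"
```

The published file should be removed once the CA has validated it, since it serves no purpose afterwards.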


[OpenWrt-Devel] HTTPS with 'letsencrypt.org' on OpenWrt

2015-09-25 Thread Bastian Bittorf
has anyone played with let's encrypt and their API?
http://letsencrypt.readthedocs.org/en/latest/api.html

at the moment they are doing really complicated stuff,
but maybe it's possible to hack something simply with
the built JSON-tools and curl?

bye, bastian


Re: [OpenWrt-Devel] HTTPS with 'letsencrypt.org' on OpenWrt

2015-09-25 Thread Sami Olmari
I have not, I am waiting eagerly for Let's Encrypt to go fully public. That
being said I have no deep knowledge of inner workings of the tool(s), but I
do hope that some day openwrt would also have package for this, or some
method to achieve this :) Will alpha and beta test for sure should there
ever be baked something for this! Mine .2

 Sami Olmari

On Fri, Sep 25, 2015 at 11:32 AM, Bastian Bittorf wrote:

> has anyone played with let's encrypt and their API?
> http://letsencrypt.readthedocs.org/en/latest/api.html
>
> at the moment they are doing really complicated stuff,
> but maybe it's possible to hack something simply with
> the built JSON-tools and curl?
>
> bye, bastian