OpenWrt One / project update
Bjørn Mork
bjorn at mork.no
Sat Apr 6 02:02:58 PDT 2024
Michael Richardson <mcr at sandelman.ca> writes:
> I'd really like to find a way to work with your manufacturer to get an IDevID
> certificate into each unit as it is manufacturered.
For those of us who are not going to pay USD 100 for a document we won't
be able to comprehend anyway: Do you have a pointer to a "IDevID howto
for dummies"?
I assume the private key must be protected on the device. What are the
hardware requirements?
What's the root of the IDevID, and why do I trust it?
What's the lifetime of an IDevID certificate? Unlimited?
Are there any special constraints to consider when validating an IDevID
certificate?
What's the typical usecase on a device like this? Signing short lived
device generated TLS server certificates for e.g a local https server?
Signing client certificates for CPE management (tr-x69 etc)?
Do you ever use the IDevID certificate directly, or is it always just an
intermediate CA?
Bjørn
More information about the openwrt-devel
mailing list