[OpenWrt-Devel] HTTPS with 'letsencrypt.org' on OpenWrt

Michael Richardson mcr at sandelman.ca
Sat Sep 26 13:56:15 EDT 2015


Joris de Vries <j.s.de.vries at gmail.com> wrote:
    > I would be interested in this as well, although I'm not sure how useful
    > this is without configuring a good hostname for routers, also maybe
    > automatically.

Fundamentally, this is the problem for devices without names.
I just don't think that Lets Encrypt is going to be at all helpful for the
users that are most vulnerable.

This applies to openwrt routers, but also to things like ILOMs (e.g. Dell
iDRAC systems) and also things like a home NAS appliance.

What we need is a variation on the Extended Valiation Cert: a cert that the
browser recognizes having a DN that binds to the devices' MAC address.
The browser would then put that into the Location bar. Of course this is an
entirely new beast, but I don't see another way to intelligently get a
certificate for a router without a name.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr at sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel



More information about the openwrt-devel mailing list