Michael Thomas <m...@fresheez.com> wrote:
>>> There are no passwords.
>> Yes please.
> Speaking of which, should we be encouraging router vendors to implement
> webauthn? Considering that probably half of home routers have the default
> password, that seems like it would be a Good Thing.

We have done an enrollment system which is based upon BRSKI. It is described in draft-richardson-ietf-anima-smarkaklink. We have running code with a desktop acting as the client, with the mobile app being built now. I am making a screencast today, actually. There are similarities to some profiles of EAP-NOOB, but we do rely on the manufacturer as the root of trust.

I guess we could/should have considered enhancing webauthn instead; I have to think a bit about whether it would have worked as well. I will need to see.

At the end of the day, we wind up with a mobile phone with a certificate enrolled into a private CA on the router. The router itself has a LetsEncrypt certificate acting as its IDevID, although this could be a private CA instead. There are issues in both directions.

Secondary admins are encouraged to guard against loss/destruction of mobile phone, and it is also possible to enroll a second time, provided the manufacturer agrees (this is both a feature and a bug).

The code is at https://github.com/CIRALabs/

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet