On Jun 13, 2019, at 2:40 PM, Michael Thomas <m...@fresheez.com> wrote:
> Are we talking about the same thing? I'm not sure what naming has to do with
> dealing with crappy/default passwords on router web interfaces?

If your router has a name, it can get a cert. If it doesn’t have a name, it can’t. That cert then becomes a basis for establishing trust.

In the case of devices on the home network establishing trust with the router, you have to bootstrap that somehow. In that case, the easiest thing to do is as I suggested:

- you have access to the router’s network
- nobody else has established trust yet

This isn’t ideal, but it creates a pathway for further trust establishment: once you have one device that has a trusted key, then that device can authorize additional devices, which can authorize additional devices. A device that comes onto the network after initial trust establishment can’t get trust without being approved.
_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet
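
The bootstrap-then-delegate flow described in the message above, sketched as an added example (not part of the original email or of any homenet specification). The `Router` class, the `approve` function and the device names are hypothetical, and an HMAC over a per-device key stands in for the public-key signature a real deployment would use.

```python
import hashlib
import hmac
import secrets

class Router:
    def __init__(self):
        self.trusted = {}  # device id -> key issued to that device at enrollment

    def bootstrap(self, device_id):
        """First enrollment: allowed only while nobody has established trust."""
        if self.trusted:
            raise PermissionError("trust already established; approval required")
        return self._enroll(device_id)

    def admit(self, new_id, approver_id, approval_tag):
        """Later enrollment: needs a valid approval from an already-trusted device."""
        key = self.trusted.get(approver_id)
        if key is None:
            raise PermissionError("approver is not trusted")
        if new_id in self.trusted:
            raise PermissionError("device id already enrolled")
        if not hmac.compare_digest(approval_tag, approve(key, new_id)):
            raise PermissionError("approval does not verify")
        return self._enroll(new_id)

    def _enroll(self, device_id):
        key = secrets.token_bytes(32)
        self.trusted[device_id] = key
        return key  # assumed to reach the device over the enrollment channel

def approve(approver_key, new_id):
    """Runs on a trusted device: tag authorizing new_id (HMAC stand-in for a signature)."""
    return hmac.new(approver_key, b"admit:" + new_id.encode(), hashlib.sha256).digest()

def demo():
    router = Router()
    laptop_key = router.bootstrap("laptop")  # first device, no prior trust exists
    phone_key = router.admit("phone", "laptop", approve(laptop_key, "phone"))
    router.admit("tv", "phone", approve(phone_key, "tv"))  # phone authorizes in turn
    rejected = []
    for attempt in (lambda: router.bootstrap("intruder"),
                    lambda: router.admit("intruder", "laptop", b"\x00" * 32),
                    lambda: router.admit("intruder", "guest", b"\x00" * 32)):
        try:
            attempt()
        except PermissionError as exc:
            rejected.append(str(exc))
    return sorted(router.trusted), rejected
```

The bootstrap window closes as soon as one device is enrolled, so the exposure is limited to whoever reaches the router's network before the owner does.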