From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <swmike@swm.pp.se>
Received: from uplift.swm.pp.se (swm.pp.se [212.247.200.143])
 (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by lists.bufferbloat.net (Postfix) with ESMTPS id 6F8743B29E
 for <cerowrt-devel@lists.bufferbloat.net>;
 Mon, 26 Nov 2018 13:35:25 -0500 (EST)
Received: by uplift.swm.pp.se (Postfix, from userid 501)
 id DDD66B9; Mon, 26 Nov 2018 19:35:23 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=swm.pp.se; s=mail;
 t=1543257323; bh=/bUUeDJHzgj+gHQdbyE960Lu3W+CJ4qGzy0/vz7eNbM=;
 h=Date:From:To:cc:Subject:In-Reply-To:References:From;
 b=L1+MG0ESMEEGw1FfoZqCA/gaverN3SgUhrXRxvZtNea/cW8xAhtFyAyWwCIQG78i+
 cgG/8gZEdGijydsUj/5YWFq35rStM/l9vs9ZVJ42cyG0UQwp8OTKmfbIbkLdBB7MKz
 5a+hIH4+ZwVmDP0ktqe8GN/rHbj3dXwMn/+Cd4Kk=
Received: from localhost (localhost [127.0.0.1])
 by uplift.swm.pp.se (Postfix) with ESMTP id DB997B6;
 Mon, 26 Nov 2018 19:35:23 +0100 (CET)
Date: Mon, 26 Nov 2018 19:35:23 +0100 (CET)
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: Sebastian Moeller <moeller0@gmx.de>
cc: =?ISO-8859-15?Q?Dave_T=E4ht?= <dave.taht@gmail.com>, 
 cerowrt-devel <cerowrt-devel@lists.bufferbloat.net>
In-Reply-To: <6F8CDBFF-8B8A-4B6B-BCE9-918A69354626@gmx.de>
Message-ID: <alpine.DEB.2.20.1811261932460.14216@uplift.swm.pp.se>
References: <CAA93jw54urN1Gh731zg0MGsyCiWPOLNa2p__GXZMJd=ODMWLiw@mail.gmail.com>
 <6F8CDBFF-8B8A-4B6B-BCE9-918A69354626@gmx.de>
User-Agent: Alpine 2.20 (DEB 67 2015-01-07)
Organization: People's Front Against WWW
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Subject: Re: [Cerowrt-devel] security guidelines for home routers
X-BeenThere: cerowrt-devel@lists.bufferbloat.net
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Development issues regarding the cerowrt test router project
 <cerowrt-devel.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/cerowrt-devel>,
 <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/cerowrt-devel>
List-Post: <mailto:cerowrt-devel@lists.bufferbloat.net>
List-Help: <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/cerowrt-devel>,
 <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Mon, 26 Nov 2018 18:35:25 -0000

On Mon, 26 Nov 2018, Sebastian Moeller wrote:

> And 2) basically is a complaint that there is a weak MAY clause for 
> guaranteeing that 3rd party firmware like openwrt is installable. I 
> think this was weakened on purpose by the DOCSIS-ISPs which seem to have 
> zero interest for 3rd party firmwares for cable-modems/routers. (I would 
> not be amazed if cable labs would actually rule something like this out 
> per contract, but I have zero evidence for that hypothesis).

2 is interesting from a security point of view. With secure boot special 
provisions have to be put into the router to turn off secure boot to be 
able to install anything on it. Question is how this would be done in a 
way that is both secure and somewhat user friendly.

2 also implies sharing drivers etc, and it's unclear how this would be 
done. I believe Germany is too small to drive this requirement, we'd need 
at least US or EU size market to really succeed with this.

-- 
Mikael Abrahamsson    email: swmike@swm.pp.se