From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <swmike@swm.pp.se>
Received: from uplift.swm.pp.se (ipv6.swm.pp.se [IPv6:2a00:801::f])
 (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by lists.bufferbloat.net (Postfix) with ESMTPS id DD6C23B29E
 for <cerowrt-devel@lists.bufferbloat.net>;
 Tue, 27 Nov 2018 06:07:52 -0500 (EST)
Received: by uplift.swm.pp.se (Postfix, from userid 501)
 id 66CA2B9; Tue, 27 Nov 2018 12:07:51 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=swm.pp.se; s=mail;
 t=1543316871; bh=dO35HZCSkWevZeUGU4BpmogzweamJg41W43HI1ndLF8=;
 h=Date:From:To:cc:Subject:In-Reply-To:References:From;
 b=BdF7TIM2RHkLnS06YVeYRO4+eUyZ3f4VBlj3hoZT4Vu2Yt8tmpNYsWJ0aaU5y6bJc
 TWzRn4qo63m/RxOZdcEKYXZtlINF2qWe35SUf5hl+25ST/UcEQG3ENOZBje/lX7qWj
 4T3GnNDccUzPubeSsHM9Tt7quZFZXEjNzIqKa46Q=
Received: from localhost (localhost [127.0.0.1])
 by uplift.swm.pp.se (Postfix) with ESMTP id 638DC9F;
 Tue, 27 Nov 2018 12:07:51 +0100 (CET)
Date: Tue, 27 Nov 2018 12:07:51 +0100 (CET)
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: "David P. Reed" <dpreed@deepplum.com>
cc: cerowrt-devel <cerowrt-devel@lists.bufferbloat.net>
In-Reply-To: <1543278579.232231705@apps.rackspace.com>
Message-ID: <alpine.DEB.2.20.1811271204250.7766@uplift.swm.pp.se>
References: <CAA93jw54urN1Gh731zg0MGsyCiWPOLNa2p__GXZMJd=ODMWLiw@mail.gmail.com>
 <6F8CDBFF-8B8A-4B6B-BCE9-918A69354626@gmx.de>
 <CAA93jw4La1v=tQOFPZGr6QZ04yfcu2Z+pVQegyLpQwSaFevyEw@mail.gmail.com>
 <13EA268F-994D-45FF-A0B2-1CAF4C530B4F@gmx.de>
 <1543278579.232231705@apps.rackspace.com>
User-Agent: Alpine 2.20 (DEB 67 2015-01-07)
Organization: People's Front Against WWW
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Subject: Re: [Cerowrt-devel] security guidelines for home routers
X-BeenThere: cerowrt-devel@lists.bufferbloat.net
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Development issues regarding the cerowrt test router project
 <cerowrt-devel.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/cerowrt-devel>,
 <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/cerowrt-devel>
List-Post: <mailto:cerowrt-devel@lists.bufferbloat.net>
List-Help: <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/cerowrt-devel>,
 <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Tue, 27 Nov 2018 11:07:53 -0000

On Mon, 26 Nov 2018, David P. Reed wrote:

> Personally, I think it's time to move "security" out of the military 
> sector of government..

I think we need some kind of international cooperation body that develops 
guidelines that vendors can then slap their "approved by"-sticker on the 
box by complying to these guidelines. Problem here is that 99% of the 
population do not care about this, they just want to get their network 
running. That's why apple succeeds with their products, because they sell 
a "this is secure and works"-product, even if this security means you have 
to go to an authorized apple store to get your components replaced 
(because they're cryptographically paired for security reasons). It's 
possibly also that for most of Apples customers, this level of security is 
too high. People would rather have their pictures unencrypted and 
extractable without password from the device, compared to them being lost 
because the device was damanged otherwise broken.

So we need to come up with a security regime that makes sense for the most 
amount of people, and then try to still cater to the ones who want to do 
more/less.

-- 
Mikael Abrahamsson    email: swmike@swm.pp.se