[Cerowrt-devel] security guidelines for home routers

Mikael Abrahamsson swmike at swm.pp.se
Mon Nov 26 13:35:23 EST 2018

On Mon, 26 Nov 2018, Sebastian Moeller wrote:

> And 2) basically is a complaint that there is a weak MAY clause for 
> guaranteeing that 3rd party firmware like openwrt is installable. I 
> think this was weakened on purpose by the DOCSIS-ISPs which seem to have 
> zero interest for 3rd party firmwares for cable-modems/routers. (I would 
> not be amazed if cable labs would actually rule something like this out 
> per contract, but I have zero evidence for that hypothesis).

2 is interesting from a security point of view. With secure boot special 
provisions have to be put into the router to turn off secure boot to be 
able to install anything on it. Question is how this would be done in a 
way that is both secure and somewhat user friendly.

2 also implies sharing drivers etc, and it's unclear how this would be 
done. I believe Germany is too small to drive this requirement, we'd need 
at least US or EU size market to really succeed with this.

Mikael Abrahamsson    email: swmike at swm.pp.se

More information about the Cerowrt-devel mailing list