[Cerowrt-devel] security guidelines for home routers
swmike at swm.pp.se
Mon Nov 26 13:35:23 EST 2018
On Mon, 26 Nov 2018, Sebastian Moeller wrote:
> And 2) basically is a complaint that there is a weak MAY clause for
> guaranteeing that 3rd party firmware like openwrt is installable. I
> think this was weakened on purpose by the DOCSIS-ISPs which seem to have
> zero interest for 3rd party firmwares for cable-modems/routers. (I would
> not be amazed if cable labs would actually rule something like this out
> per contract, but I have zero evidence for that hypothesis).
2 is interesting from a security point of view. With secure boot special
provisions have to be put into the router to turn off secure boot to be
able to install anything on it. Question is how this would be done in a
way that is both secure and somewhat user friendly.
2 also implies sharing drivers etc, and it's unclear how this would be
done. I believe Germany is too small to drive this requirement, we'd need
at least US or EU size market to really succeed with this.
Mikael Abrahamsson email: swmike at swm.pp.se
More information about the Cerowrt-devel