[Cerowrt-devel] security guidelines for home routers

[Mikael Abrahamsson]

On Mon, 26 Nov 2018, David P. Reed wrote:

> Personally, I think it's time to move "security" out of the military 
> sector of government..

I think we need some kind of international cooperation body that develops 
guidelines that vendors can then slap their "approved by"-sticker on the 
box by complying to these guidelines. Problem here is that 99% of the 
population do not care about this, they just want to get their network 
running. That's why apple succeeds with their products, because they sell 
a "this is secure and works"-product, even if this security means you have 
to go to an authorized apple store to get your components replaced 
(because they're cryptographically paired for security reasons). It's 
possibly also that for most of Apples customers, this level of security is 
too high. People would rather have their pictures unencrypted and 
extractable without password from the device, compared to them being lost 
because the device was damanged otherwise broken.

So we need to come up with a security regime that makes sense for the most 
amount of people, and then try to still cater to the ones who want to do 
more/less.

-- 
Mikael Abrahamsson    email: swmike at swm.pp.se