User: Password:
|
|
Subscribe / Log in / New account

Default "secrets"

Default "secrets"

Posted Jan 6, 2011 10:54 UTC (Thu) by Fowl (subscriber, #65667)
In reply to: Default "secrets" by adamgundy
Parent article: Default "secrets"

Never seen that before. All I've seen have been self signed, or involve getting a subdomain and cert from the vendor. (ie. Windows Home Server)

Having thought about how else it could "worl" for a while, the only two ways I can think of are:

The vendor purchasing a FQDN. getting a CA signed cert for that domain, put that cert in the firmware image, then either:

* pointing it to a RFC 1918 address (internal, eg. 192.168.1.1)
* configuring the device to engage in some sort of dns spoofing.

All of which.. seems bad.

Am I close?


(Log in to post comments)

Default "secrets"

Posted Jan 6, 2011 17:35 UTC (Thu) by adamgundy (subscriber, #5418) [Link]

if I remember the Slashdot discussion correctly, I think they're shipping with signed keys for the default IP address, so eg https://192.168.0.1/ doesn't complain.

Default "secrets"

Posted Jan 7, 2011 11:48 UTC (Fri) by james (subscriber, #1325) [Link]

The domestic routers I've seen ship with DNS and DHCP servers enabled, and the DHCP tells clients to use the router as DNS server. That gives the router a clean way of resolving special domain names itself.

I imagine few users actually bother setting up static IP addresses, and many of those that do still use the router for DNS resolving (you don't know when your ISP is going to change their setup).


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds