Some guy in this community ( may be a very experienced ) is not giving a nice suggestion to the users. He i think dude to lack if exposure to crypto and how PKI work , i saw is giving wrong information to users and also given in past
According to me some of his misconceptions are :
this whole thread is not justifying the way we are not suggesting the user about the things can do in today's world
instead some guys want just to stick with wiki pages
I offered the demonstartion too . which i am still offering , but before that make up a mind what is good for the community ? tell about the latest things not yet on wiki or just follow wiki ?
its just a brief , if anyone wants i can describe more
Please provide the name of a CA that issues wildcard certificates
for the ROOT DOMAIN ZONE or a TOP-LEVEL DOMAIN. I will then refer them to the FBI. Otherwise stop taking my words out of context.
why do you need root domain certificate and tld certificate dude ?
do you even trying to see what i want to contribute ? just assuming wrong wrong and saying what you read
yes created just now . so ?
Please refer to ORIGINAL thread - where you began taking me out of context:
When you say
Wildcard ...do you mean ROOT DNS DOMAIN?
Because that's what I understand, and you are not owner of ROOT DOMAIN, so you cannot revive such a cert.
Yes, but perhaps
you need to read what I said, so you stop telling people I'm making bad recommendations.
Lastly, this thread seems to be misplaced in the wrong category.
ok put it where you guys and me are treated equally . not where people just follow you blindly
Done, I moved the thread to the
Talk about Documentation category.
In addition, please stop saying me, as you already stated:
You have been told multiple times:
Your choice. Everyone can make an account:
did you see what's in the blog ??
I did, hence how I knew when it was created! LOL
It doesn't mention OpenWrt whatsoever
Nor does it tell a user how to install the packages on OpenWrt needed to do what the blog suggests
100% of your blog covers what is usually considered Enterprise use-cases I'm not sure how your blog spun off from assisting a user with SSL in LuCI
It would be more helpful to the users in the community to
assist them with issues/configurations, instead of causing them confusion.
Are you fine with sharing your luci password with your neighbour ( and you dont know how this happened ) ?
plese go point to point reply
I guess you wish to play games again.
If someone SHARES something, they are aware.
If they don't know, they are unaware.
Just make your point, please. As your blog is about wireless, and now you have once again went back to LuCI.
This is getting ridiculous, sir.
No I am not fine with sharing, nor my neighbor knowing without my knowledge...so how do you suppose that would occur to OpenWrt users - and what do you suggest to fix it? Lastly, after you make the suggestion, do you plan to edit the Wikis yourself!?!?
thats the point . this is the only thing dude i wanted you and all members to know
suppose you opened 192.168.1.1 and luci username and password page come . This is where you need to be aware , how will you confirm that its your luci and not other router ( a honeypot ) or not MITM
and yes its not openwrt specific , but we can save our community users from this
Physically plug into the router while all its other interfaces are disconnected/disabled (this is how you setup a router in most cases, especially commercial ones)
If another device was spoofing 192.168.1.1, you would fail to get Internet
Verify ARP MAC matches serial of router you purchased
This is a chicken-and-the-egg theory
the devices needs Internet to install the LuCI SSL package
you have not even mentioned that yet
most importantly the router has to be configured first
(Also, what does this have to do with a certificate? Certs are issued to domain names...)
Save them from configuring their own routers!?!?
Save them from breaking-and-entering their neighbor's house to plug into their router "accidentally"!?!?
Unless they spoofed Internet too. It doesn't matter when no other device is connected. Now
please stop playing and make a point.
you bought router
correct that you dont put wifi on and plugged LAN cable configured and unplugged from lan
now you enable wifi all ok ?
from here learn yourself how can you get exploit ? ok
Not OK...I didn't magically understand anything...I'm expecting you to explain something here...
Also, if you're implying that a 192.168.1.1 can be spoofed via Wireless LAN...LOL
The only thing I understand - is that you're implying WiFi, in all its forms, is insecure.
Am I correct?
If someone is this
security paranoid, as I suggested:
Using a management VLAN only addresses all your concerns:
Physically at device
Configured to be only port/network LuCI/SSH is reachable from
Last option is console access, only.
In logic, reductio ad absurdum (Latin for "reduction to absurdity"), also known as argumentum ad absurdum (Latin for "argument to absurdity") or the appeal to extremes, is a form of argument that attempts either to disprove a statement by showing it inevitably leads to a ridiculous, absurd, or impractical conclusion, or to prove one by showing that if it were not true, the result would be absurd or impossible. Traced back to classical Greek philosophy in Aristotle's Prior Analytics (Gree The "abs...
dude i understand one thing only , you are really not in favour of any advancement , its fine your choice keep LAN wire with you configure safely
al da best
al da best
I wish you well too; but for someone as security paranoid as you, don't get me wrong:
I'd turn off uHTTPd and dropbear and run console only.
I can't imagine a network security person like yourself not taking that as sound advice.
(The LAN wire chide was funny, but again, used to take me out of context.)