Help

We need one of the following:

  1. User enters password at home when registering the box (the original plan from CB)
  2. The serial number in the box is actually long enough to serve as a secure random value (nixing this since we are getting zero info on the hardware at the moment)
  3. The user approves his/her generated certificate, either by logging back in to the website to approve it or by leaving a valid email address to which a confirmation is sent

With option #1, the password is needed only once and is used to establish a trusted certificate for the box. However, this still leaves the trusted identity vulnerable if the original password is weak: an attacker may break the website password, force a factory reset, and establish his rogue box bound to the user account.

Enforcing strong passwords on the website becomes essential, no matter how much they annoy the user.

Option #3 might be attractive if the certificate SubjectDN can carry enough meaningful information to make it easy for the average user to verify its validity -- MAC address probably ain't it.
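A sketch of the email-confirmation variant of option #3, added here as an example and not code from the original page or the project: the server holds a submitted box certificate as pending until a one-time token sent to the account's email comes back. The class name, method names, token lifetime and sample certificate bytes are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 15 * 60  # assumed lifetime of a confirmation token, in seconds

def _h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class PendingCertStore:
    """Hypothetical server-side store: certs stay untrusted until approved."""
    def __init__(self):
        self._pending = {}  # fingerprint -> (account, token hash, expiry)
        self.trusted = {}   # account -> fingerprint of the approved cert

    def submit(self, account, cert_der, now=None):
        """Box submits its certificate. The returned token is meant to be
        delivered only to the account's email address, never to the box."""
        now = time.time() if now is None else now
        fp, token = _h(cert_der), secrets.token_urlsafe(32)
        # Only the token's hash is stored, so a database leak cannot approve.
        self._pending[fp] = (account, _h(token.encode()), now + TOKEN_TTL)
        return fp, token

    def approve(self, fp, token, now=None):
        """Promote a pending cert to trusted if the token is right and fresh."""
        now = time.time() if now is None else now
        entry = self._pending.get(fp)
        if entry is None or now > entry[2]:
            self._pending.pop(fp, None)  # drop expired requests
            return False
        account, token_hash, _ = entry
        if not hmac.compare_digest(_h(token.encode()), token_hash):
            return False
        del self._pending[fp]            # token is single use
        self.trusted[account] = fp
        return True

    def is_trusted(self, account, cert_der):
        return hmac.compare_digest(self.trusted.get(account, ""), _h(cert_der))

if __name__ == "__main__":
    store = PendingCertStore()
    cert = b"constructed sample bytes standing in for a DER certificate"
    fp, token = store.submit("alice", cert)
    print("pending, trusted yet?", store.is_trusted("alice", cert))
    print("approved:", store.approve(fp, token))
    print("trusted now?", store.is_trusted("alice", cert))
```

A certificate submitted after a forced factory reset lands in the pending state the same way and is never trusted unless the token sent to the account owner's email is presented.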

Creative Commons License Content on this website is licensed under Creative Commons BY-NC-SA 3.0.