Diffstat (limited to 'research/security.page')
-rw-r--r-- | research/security.page | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/research/security.page b/research/security.page new file mode 100644 index 0000000..14b7524 --- /dev/null +++ b/research/security.page @@ -0,0 +1,25 @@ + +## Questions + +External attackers likely could/would port scan and be able to identify the +device; is that a problem? + +## Pitfalls, Lessons Learned + +XSS attack to back out geo location of router: <http://samy.pl/mapxss/> + +## Links, Unsorted + +Advice on HTTPS: http://www.imperialviolet.org/2012/07/19/hope9talk.html + +[Tripphrases](http://worrydream.com/tripphrase/) + +plan9 security: [Factotum](http://doc.cat-v.org/plan_9/4th_edition/papers/auth) + +Users should probably have a single "root" GPG key for every distinct +identity/persona that they present to the external world, and then generate +subkeys for use with each host/device and external service. This allows more +fine grained control over revokation and access control (eg, if a device is +lost then suspend/revoke that key). An API or tools to help distribute +certificates, signing information, and revokations would be helpful. + |
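Review bot: In the last paragraph under "Links, Unsorted", "revokation" and "revokations" are misspelled; they should read "revocation" and "revocations". In the same section the imperialviolet.org link is a bare URL, while the samy.pl link is wrapped in `<...>` and the Tripphrases and Factotum links use `[text](url)`; wrap it the same way so all links render consistently. The GPG root key and subkey paragraph is a design recommendation rather than a link, so consider moving it under its own heading instead of leaving it in "Links, Unsorted". The port scan question under "Questions" is left open; a short note on what identifying the device would expose would make it easier to answer later.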