
Are you joking? The primary reason why one would want one certificate per device is because you are directly connecting to the device instead of letting the device connect to the vendor API which is already behind HTTPS. Your idea will just lead to a lot of bricked IoT devices once the vendor takes his certificate renewal API down.



I don't understand. The device should expose an API (instead of a web interface) to generate CSRs and upload certs (ideally the key should never leave the device). What is the vendor API?


The device can present an API as well.



