[Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012

Bjarni Rúnar Einarsson bre at pagekite.net
Sun Jul 8 22:39:10 UTC 2012


On Sun, Jul 8, 2012 at 9:35 PM, Michael Rogers <michael at briarproject.org> wrote:
>> Cons: Requires the user have a public IP.  The FreedomBox
>> distributor becomes a "single point of attack" as they have a
>> central list of which domain belongs to which user.  The
>> distributor is also in a position which allows them to issue new
>> certs and MITM attack users without their knowledge.
>
> These cons are all solvable. The box's installation wizard can guide
> the user through choosing a PageKite subdomain, entering payment
> details, generating an SSL cert and submitting it to StartSSL. The
> user doesn't need a static IP. The hardware distributor doesn't need
> to know which PageKite subdomain the user chooses, and doesn't need to
> generate or sign certs.

If the user doesn't have a static IP, then the user has to configure
dynamic DNS. Also solvable.

However, you seem to be assuming the box will have a public IP (static
or not) - that is almost never the case.  Usually the public IP is
reserved for your border router, which the FreedomBox may not be able
to replace.  Power users may be using their public ports already,
non-power-users will find port-forwarding to be a challenge.

Helping people with port-forwarding is not easy because of the
dizzying array of different devices out there, any instructions we
provide (or scripts, or...) will be inaccurate most of the time.  Some
routers will let us uPNP our way out, but much of the time you'll find
that the local Skype instance has already stolen port 443. :-)

> A power user might want to choose a different PageKite provider or
> certificate authority - there's no reason the software shouldn't
> support that.

This I absolutely agree with!

-- 
Bjarni R. Einarsson
Founder, lead developer of PageKite.

Make localhost servers visible to the world: https://pagekite.net/



More information about the Freedombox-discuss mailing list