Possibility of SSL as default

[ryanteck]

We'll target this for the September Release of seeing about having an SSL Certificate somekind enabled as default.

[ryanteck]

Investigations started:

Implementing this does pose a few challenges but we should be able to overcome some of them.

Essentially a majority of this would have to be done in a first boot script rather than in compiling the SD card image. Otherwise every device flashed with the same image would have the same keys potentially causing the ability for attacks.

Second: There is a chance the user will get confused as to why they're seeing a message saying the site is insecure. This could be the biggest issue. For reference many home routers don't have an SSL for this reason. It's a barrier.

Third: a user may have multiple gateways on a network and one feature to be added in is allowing the hostname to be changed. So this would require the ability to also re-gen the certificate every time this happens.

[ryanteck]

To-do: Setup a cert manually on one of my gateways, and then see how easy it is to overcome the warnings as this would be the biggest barrier.

[ryanteck]

I want to re-look into this as can see it being a good feature to do.

[ryanteck]

Yep we'll do this, it's only one small warning that pops up now.

[ryanteck]

This is all implemented in the docker container for the controller.