Comment by xp84

Comment by xp84 3 days ago

> still nowhere for the TLS cert for your printer to live under this scheme. The printer itself has no concept of speaking TLS. (Why would it? It expects to only ever be local-segment routable

One minor correction: modern (even 5-10 year old) printers do support TLS -- and they even try to push you to use it when they only have the built-in self-signed certificate. I've seen screens encouraging me to "click trust" etc., which seems idiotic to train anyone to do when the stakes of letting them admin the printer, over the LAN, over HTTP are so low. I'm so sure that a random rogue IoT device on my LAN is listening to that printer administration traffic, real high-value stuff there. Mind you that this is unrelated to whether a rogue LAN actor could sniff the actual documents being printed, since I don't think computers are typically set up to print with IPP over TLS, but use unencrypted protocols instead.

Anyway, with my HP printer, you can upload a cert and key file and that way it'll use a cert of your choice.