by seiferteric
1488 days ago
An issue I don't think is addressed is how do you get a valid certificate for a server on a local network? Like setting up a new device or router, you often type in the IP address (or maybe mDNS name), then you either have to use HTTP, or for HTTPS you get a warning and have to add an exception for an invalid certificate... How would one even solve this issue on a local network? I had an idea that I was thinking would be a cool RFC: have the router run a CA, then pass a DHCP (or RA) option with a local CA certificate for the end-user device to trust. Then services could request server certs from it (via the ACME protocol). The issue though is that this gives too much power to the network operator. Imagine connecting to Wi-Fi at a coffee shop and they decide to MITM your Google connections...