>Excuse my snark, but not everyone has a static v6 IP. I don't. My ISP doesn't have it either. (They've been promising it for 2 years but keep delaying working on it.) I have an HE tunnel. Also you ignored the sentence after that, which I had written to hopefully preempt this response.

>Unless you happen to be behind a CGNAT or you're on a mobile network or or or or...

Your server needs to have a globally reachable IP, yes.

>This won't scale to more than like 5 devices without being a major work item if a key was compromised or needs to be rotated (what if it turns out the RNG device was bad on your kernel at the time? Happened to SSH keys on RPi's).

Depends on which key, of course. If a device's key needs to be rotated, you only touch that device and the server. If you rotate the server's key, then yes, you touch every device.

>And if that won't work you're gonna be stuck debugging the network setup.

>if a key was compromised or needs to be rotated

>Not everyone is that lucky.

Sure. I know these things happen never or rarely (currently, never), so I'm okay with doing them manually when they happen instead of outsourcing. I don't make decisions for other people or claim that what I do is best for other people. You should make decisions for yourself by evaluating the pros and cons for yourself.