by semi
752 days ago
Public keys should be rotated, which would expire links. I think just having trust on first use would bridge most of the gap for local devices. Now if we could get local socket support for talking to your own device and avoid arbitrary port reservation on localhost, that would make me happy.
Sometimes public keys should be rotated, and this would indeed expire links. And sometimes they shouldn’t be (a key pair in a TPM-like device in an embedded system would make a lot of sense).
> I think just having trust on first use would bridge most of the gap for local devices.
This has the exact same key rotation problem. And you can get quite close to TOFU with an HTTP page that links to a hypothetical HTTPS+key link.