Hiya, On 31/08/17 22:46, Ben Schwartz wrote: > Hi all, > > This is a very late comment from IETF 99.
Here's an even later and less well-informed comment. (Sorry, I didn't notice the traffic on this draft before now;-) I really like the idea that the acme WG aims to figure out a way to enable people at home to use https with their home n/w routers. I'm not at all sure that a DNS-based approach here will cut the mustard, though it's a not-bad plan to define one in any case. I'd love that we chat about this topic involving folks from the acme and homenet WGs, as it seems those are the sets of IETF folks who might be most relevant for the discussion. Lastly, having read the WG mails related to this draft, I do get that a solution that doesn't muck around CAB forum policies is needed, (or else that browser should barf the cert) I'd also argue that it may be easier to work around CAB forum than the realities of DNS. (That said, I do not have a concrete suggestion for how to solve this problem, sorry;-) Cheers, S. > > I just wanted to speak up in support of draft-ietf-acme-ip, as a potential > user. My team has developed a product that makes it easy for users to open > an account on a VPS provider and start an instance of a server for personal > use. Our users are nontechnical, and they don't own a domain name. They > can barely handle opening one account; opening another one (with a > registrar and/or a certificate authority) would be a nonstarter. > > Currently, we can't offer users access to their server in a standard web > browser, because we can't programmatically acquire a certificate for them. > Instead, we generate a self-signed certificate, and pass the fingerprint > through a trusted channel to a special-purpose client. > > draft-ietf-acme-ip would allow our users to access their servers with at > least protection from a passive adversary. > > --Ben > > > > _______________________________________________ > Acme mailing list > Acme@ietf.org > https://www.ietf.org/mailman/listinfo/acme >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme
