Toerless Eckert <[email protected]> wrote: > If i want to go through all the trouble of A), assigning muggle friendly names first, > then i really wonder if we're promoting the best solution by first looking into > .local solutions instead of trying to figure out what's missing so that i can run > my own ACME certification on e.g.: my home (or private industry/enterprise) network's > router for my own global domain. And how to get this all auto-configured so that > muggles can operate it. I for once am not aware of any easily deployable self-hosted > ACME server solution, and if whatever we come up with for .local would not be a heck > of a lot easier than ACME, then we're not going to get that deployed either in the > networks where we would like it.
ACME is mostly about establishing authorization of the device across the
Internet using DNS. (Either DNS-01, or indirectly DNS for HTTP-01 challenge).
I'm not sure what it brings in a home network using .local.
Doing EST with an unauthenticated TLS connection, but using IPv6-LL addresses
would seem to be as strong as an HTTP-01 challenge would be.
> In other words: I'd love to see good solutions for B), and i'd challenge
the priority
> of A) (for .local) over solutions that do make global domain names more
> easy to use in non-internet
> use-cases. After all, it could be piece of cake to add my own networks
root-CA to
> my browsers web-pki trust-anchor list if we wanted that to be the
solution.
It's a piece of cake for you, and your five devices. Harder when you have
five members of the household with five devices each, and then guests. And
then, device to device communication.
Would you like to be able to shush your multi-room surround-sound music
so that you can hear: the door bell, the coffee is ready, or the oven has
preheated, waiting for the next tray of ordeuves?
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ Anima mailing list -- [email protected] To unsubscribe send an email to [email protected]
