On Tue, Apr 14, 2015 at 9:57 AM, <hugoosvaldobarr...@gmail.com> wrote:
> I'm curious as to what would happen with things that cannot have TLS > certificates: routers and similar web-configurable-only devices (like small > PBX-like devices, etc). > > They don't have a proper domain, and may grab an IP via radvd (or dhcp on > IPv4), so there's no certificate to be had. > > They'd have to use self-signed, which seems to be treated pretty badly > (warning message, etc). > > Would we be getting rid of the self-signed warning when visiting a website? > Well, no. :) Note that the primary difference between opportunistic security (which is HTTP) and HTTPS is authentication. We should think about what sorts of expectations people have for these devices, and to what degree those expectations can be met. Since you bring up IPv6, there might be some possibility that devices could authenticate their IP addresses automatially, using cryptographically generated addresses and self-signed certificates using the same public key. http://en.wikipedia.org/wiki/Cryptographically_Generated_Address --Richard > _______________________________________________ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform