Jakob Bohm via dev-security-policy <[email protected]> writes:
>Unfortunately, for these not-quite-web-server things (printers, routers
>etc.), automating use of the current ACME Let's encrypt protocol with or
>without hardcoding the Let's Encrypt URL is a non-starter for anyone using
>these things in a more secure network and/or beyond the firmware renewal
>availability from the vendor.

That's one of the least concerns with IoS devices.  For one thing they're
mostly going to have RFC 1918 addresses or non-qualified names, which CAs
aren't supposed to issue certs for (not that that's ever stopped them in the
past).  Then the CA needs to connect back to the device to verify connection
to the domain name it's issuing the cert for, which shouldn't be possible for
any IoS device that's set up properly.

And I'm sure there's more...

Peter.
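The first two obstacles named in the reply above, as an added example that is not part of the original message: a pre-flight check over a device inventory that flags identifiers a public CA is not supposed to issue for (RFC 1918 addresses and non-qualified names). The function names and the sample inventory are constructed for illustration.

```python
import ipaddress

# The three RFC 1918 private-use IPv4 blocks.
RFC1918_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def issuance_blocker(identifier):
    """Return why a public CA should refuse this identifier, or None.

    Only the two checks named in the message are applied. A None result
    does not mean issuance will succeed: the CA still has to reach the
    device to validate control, which cannot be tested offline.
    """
    # Drop the trailing root dot so "printer." is treated like "printer".
    ident = identifier.strip().rstrip(".").lower()
    if not ident:
        return "empty identifier"
    try:
        addr = ipaddress.ip_address(ident)
    except ValueError:
        addr = None  # not an IP literal, so treat it as a host name
    if addr is not None:
        if addr.version == 4 and any(addr in net for net in RFC1918_NETS):
            return "RFC 1918 address"
        return None
    if "." not in ident:
        return "non-qualified name"  # single label, no domain part
    return None


def audit(inventory):
    """Map each identifier that fails a check to the reason it failed."""
    return {i: r for i in inventory if (r := issuance_blocker(i)) is not None}


# Constructed sample inventory of device identifiers.
SAMPLE = ["192.168.1.50", "printer", "10.1.2.3", "172.31.255.1",
          "172.32.0.1", "router.example.com"]

if __name__ == "__main__":
    for ident, reason in audit(SAMPLE).items():
        print(f"{ident}: {reason}")
```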

