> On 12 Apr 2021, at 19:54, Alan DeKok <[email protected]> wrote:
>
> On Apr 12, 2021, at 12:22 PM, Joseph Salowey <[email protected]> wrote:
>> [Joe] without some sort of name matching using certs from a public CA is
>> unwise.
>
> The only other alternative is to "pin" the server cert. Many systems
> support this. Perhaps mentioning [Trust On] First Use (TOFU) would help here.
>
That won’t work for headless wireless. Yes, we have kicked that hornet’s nest. I hope everyone is wearing appropriate netting.

Eliot
_______________________________________________
Emu mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/emu
