>> you couldn't use the fact that you can publish in a name in it
>> to do the ACME authentication.
>
> there SHOULD NOT be the ACME authentication or any necessity of any
> other authentication, as these domain names need not be unique ...
>
> in case you use 'teddynet.home.arpa.' and I use this domain name, too;
> we wouldn't have the same x509 SSL certificate, because each of us uses
> its own private key ...
>
> why not just define the org. that hosts the ARPA TLD (IANA?) as the CA
> for these domains and the root certificate as a built-in token in the common
> browsers and/or operating systems?
> there it should only be necessary to upload the certificate request,
> given the '.home.arpa.' domain name, and an email address where the
> certificate is sent to;
> the certificate will be a wildcard certificate for this .home.arpa.
> domain ..
>
> I would want this to be added as an additional section to this Draft/RFC;
If you're going through all this trouble of having a central API that will hand out certificates, wouldn't it be possible to make that same authority hand out pseudo-random unique subdomains (of some suitable domain; not necessarily .home.arpa)? Then you are only an NS record from solving the globally visible naming problem... :)

-Toke

_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet
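A sketch of the authority Toke describes, added here as an illustration and not code from the thread or from any homenet draft: it mints pseudo-random subdomain labels with enough entropy that two homes cannot collide, binds each label to the fingerprint of the requester's public key so a second party cannot later claim the same name, and emits the NS delegation that would make the name globally resolvable. The parent zone `example.net`, the 80-bit base32 label, the SHA-256 key fingerprint as the ownership binding, and the `SubdomainAuthority` class are all assumptions made for the example; the thread leaves them open.

```python
import base64
import hashlib
import secrets
from dataclasses import dataclass

# Assumed parent zone for the unique names; the thread says it need not be .home.arpa.
BASE_DOMAIN = "example.net"
# 10 random bytes -> 80 bits -> exactly 16 base32 characters, no '=' padding.
LABEL_BYTES = 10


def random_label(nbytes: int = LABEL_BYTES) -> str:
    """Return a DNS-safe pseudo-random label (lowercase a-z, 2-7) from a CSPRNG."""
    raw = secrets.token_bytes(nbytes)
    return base64.b32encode(raw).decode("ascii").rstrip("=").lower()


def key_fingerprint(pubkey: bytes) -> str:
    """SHA-256 of the requester's public key; assumed as the ownership binding."""
    return hashlib.sha256(pubkey).hexdigest()


@dataclass
class Registration:
    name: str              # fully qualified unique name, e.g. "<label>.example.net"
    key_fingerprint: str   # who may act on this name
    nameservers: list      # the home's own authoritative servers, for the NS delegation


class SubdomainAuthority:
    """Hypothetical central authority that hands out unique subdomains (example only)."""

    def __init__(self, base_domain: str = BASE_DOMAIN):
        self.base = base_domain
        self.by_name: dict[str, Registration] = {}
        self.by_key: dict[str, Registration] = {}

    def register(self, pubkey: bytes, nameservers: list) -> Registration:
        """Hand out a new unique name, or the same name again for the same key."""
        fp = key_fingerprint(pubkey)
        if fp in self.by_key:
            return self.by_key[fp]          # idempotent: one key, one name
        while True:                         # loop only matters on a (negligible) collision
            name = f"{random_label()}.{self.base}"
            if name not in self.by_name:
                break
        reg = Registration(name, fp, list(nameservers))
        self.by_name[name] = reg
        self.by_key[fp] = reg
        return reg

    def owner_matches(self, name: str, pubkey: bytes) -> bool:
        """True only for the key the name was issued to; a second key cannot claim it."""
        reg = self.by_name.get(name)
        return reg is not None and reg.key_fingerprint == key_fingerprint(pubkey)

    def ns_records(self, name: str) -> list:
        """Zone-file lines delegating the unique name to the home's nameservers."""
        reg = self.by_name.get(name)
        if reg is None:
            return []
        return [f"{name}. IN NS {ns}." for ns in reg.nameservers]


if __name__ == "__main__":
    # Constructed sample input: two homes, identified by (placeholder) public keys.
    authority = SubdomainAuthority()
    home_a = authority.register(b"home-A-public-key", ["ns1.home-a.example", "ns2.home-a.example"])
    home_b = authority.register(b"home-B-public-key", ["ns.home-b.example"])
    print(home_a.name, home_b.name)
    print("\n".join(authority.ns_records(home_a.name)))
    print(authority.owner_matches(home_a.name, b"home-B-public-key"))
```

Because the label is drawn from a CSPRNG rather than chosen by the user, the uniqueness that the quoted proposal gives up ("these domain names need not be unique") is restored by construction, and the key binding is what lets a later certificate step be tied to the name's actual holder.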