Ted Lemon <[email protected]> wrote:
barbara> The CABF is about "publicly trusted certificates". There is no need or
...
> (2) the issue with browser warnings isn't that they are annoying. It's that
> if we train users to click through them when managing the homenet, we are
> also training them to click through them at other times. This creates an
> attack surface in the user that we'd rather not create.

I was trying to understand how CABF was relevant.
I guess the point was how to get a new trust anchor added *globally* that
would somehow be able to issue certificates that were relevant/bound to
home.arpa names?
I don't think that this is an immediate concern; if we had some useful
experiment that we could do we could do it with a sub-CA or with a private
anchor.
I think that Windows, OSX, and Android have system-wide ways to install new
trust anchors that browsers will generally trust. libnss on many Linux
distros provides something similar. I assume iOS does too. As such, it
should be possible for an application/app on a home desktop to exist that
would interact with all the devices involved (providing certificates from a
private trust anchor), and to install the private trust anchor.
How one spreads that trust anchor to the rest of the family, relatives,
etc. is an issue.
But none of this is really relevant to delegation of home.arpa, I think.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________ homenet mailing list [email protected] https://www.ietf.org/mailman/listinfo/homenet
