[Rpm] Does RPM measurement *require* a valid SSL certificate
Toke Høiland-Jørgensen
toke at toke.dk
Fri Oct 15 12:38:24 EDT 2021
Rich Brown via Rpm <rpm at lists.bufferbloat.net> writes:
>> On Oct 14, 2021, at 4:27 PM, Christoph Paasch <cpaasch at apple.com> wrote:
>>
>> On 10/13/21 - 17:57, Rich Brown via Rpm wrote:
>>>
>>>> On Oct 13, 2021, at 3:45 PM, Randall Meyer <rrm at apple.com> wrote:
>>>>
>>>> We could add a “—insecure/-k” switch as a feature enhancement to the CLI.
>>>
>>> Or maybe just ignore the certificate. More options is worse, if you have to implement/explain/justify them.
>>
>> Ignoring is not a good option. Otherwise, traffic could be intercepted and
>> one could cheat its RPM-value by having a local termination-point on its AP.
>
> I see your concern, but I'm trying to balance that against my hope
> that RPM Servers can be widely deployed. I'm especially hopeful they'd
> be in our home routers, so we can check the local connections via
> Wi-Fi.
>
> To be clear about my concern: it's easy enough to stand up code to
> respond to the HTTPS requests. But it's a whole lot more work to get a
> signed SSL certificate, and that could discourage alternate
> implementations.
FYI, I maintain luci-app-acme on OpenWrt which makes it quite easy to
get a letsencrypt certificate. Requires the router to have a public IP,
and you need a domain name, but once you have that it's pretty point and
click :)
Not universal, but maybe doable for someone who is likely to deploy an
RPM server?
-Toke
More information about the Rpm
mailing list