[Rpm] Does RPM measurement *require* a valid SSL certificate

[Toke Høiland-Jørgensen]

Rich Brown via Rpm <rpm at lists.bufferbloat.net> writes:

>> On Oct 14, 2021, at 4:27 PM, Christoph Paasch <cpaasch at apple.com> wrote:
>> 
>> On 10/13/21 - 17:57, Rich Brown via Rpm wrote:
>>> 
>>>> On Oct 13, 2021, at 3:45 PM, Randall Meyer <rrm at apple.com> wrote:
>>>> 
>>>> We could add a “—insecure/-k” switch as a feature enhancement to the CLI.
>>> 
>>> Or maybe just ignore the certificate. More options is worse, if you have to implement/explain/justify them. 
>> 
>> Ignoring is not a good option. Otherwise, traffic could be intercepted and
>> one could cheat its RPM-value by having a local termination-point on its AP.
>
> I see your concern, but I'm trying to balance that against my hope
> that RPM Servers can be widely deployed. I'm especially hopeful they'd
> be in our home routers, so we can check the local connections via
> Wi-Fi.
>
> To be clear about my concern: it's easy enough to stand up code to
> respond to the HTTPS requests. But it's a whole lot more work to get a
> signed SSL certificate, and that could discourage alternate
> implementations.

FYI, I maintain luci-app-acme on OpenWrt which makes it quite easy to
get a letsencrypt certificate. Requires the router to have a public IP,
and you need a domain name, but once you have that it's pretty point and
click :)

Not universal, but maybe doable for someone who is likely to deploy an
RPM server?

-Toke