From: "Toke Høiland-Jørgensen" <toke@toke.dk>
To: Rich Brown <richb.hanover@gmail.com>,
Christoph Paasch <cpaasch@apple.com>
Cc: rpm@lists.bufferbloat.net
Subject: Re: [Rpm] Does RPM measurement *require* a valid SSL certificate
Date: Fri, 15 Oct 2021 18:38:24 +0200 [thread overview]
Message-ID: <87fst2z1j3.fsf@toke.dk> (raw)
In-Reply-To: <D54D12B4-9DF1-4CEC-A68F-2D57F7CA7250@gmail.com>
Rich Brown via Rpm <rpm@lists.bufferbloat.net> writes:
>> On Oct 14, 2021, at 4:27 PM, Christoph Paasch <cpaasch@apple.com> wrote:
>>
>> On 10/13/21 - 17:57, Rich Brown via Rpm wrote:
>>>
>>>> On Oct 13, 2021, at 3:45 PM, Randall Meyer <rrm@apple.com> wrote:
>>>>
>>>> We could add a “—insecure/-k” switch as a feature enhancement to the CLI.
>>>
>>> Or maybe just ignore the certificate. More options is worse, if you have to implement/explain/justify them.
>>
>> Ignoring is not a good option. Otherwise, traffic could be intercepted and
>> one could cheat its RPM-value by having a local termination-point on its AP.
>
> I see your concern, but I'm trying to balance that against my hope
> that RPM Servers can be widely deployed. I'm especially hopeful they'd
> be in our home routers, so we can check the local connections via
> Wi-Fi.
>
> To be clear about my concern: it's easy enough to stand up code to
> respond to the HTTPS requests. But it's a whole lot more work to get a
> signed SSL certificate, and that could discourage alternate
> implementations.
FYI, I maintain luci-app-acme on OpenWrt which makes it quite easy to
get a letsencrypt certificate. Requires the router to have a public IP,
and you need a domain name, but once you have that it's pretty point and
click :)
Not universal, but maybe doable for someone who is likely to deploy an
RPM server?
-Toke
next prev parent reply other threads:[~2021-10-15 16:38 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-13 19:18 Rich Brown
2021-10-13 19:45 ` Randall Meyer
2021-10-13 21:57 ` Rich Brown
2021-10-14 20:27 ` Christoph Paasch
2021-10-15 15:10 ` Rich Brown
2021-10-15 16:38 ` Toke Høiland-Jørgensen [this message]
2021-10-15 17:19 ` Rich Brown
2021-10-15 16:38 ` Jonathan Foulkes
2021-10-20 18:30 ` Christoph Paasch
2021-10-20 18:47 ` Rich Brown
2021-10-20 23:04 ` Omer Shapira
2021-10-21 11:45 ` Toke Høiland-Jørgensen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/rpm.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87fst2z1j3.fsf@toke.dk \
--to=toke@toke.dk \
--cc=cpaasch@apple.com \
--cc=richb.hanover@gmail.com \
--cc=rpm@lists.bufferbloat.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox