Any solution will have to involve the device doing something, and something validating the device. If we can get the user's ISP (I know, I know) to produce a residential domain setup like fijinb23.users.example.com, then the router (I know, I know) can somehow gather that a new printer has been added, give the printer printer.fijnb23.users.example.com via communication to the ISP, and set the DNS challenge entries to respond to a request for DCV validation that results in a cert being sent back to the printer with a CSR the printer generates.
There's lots of problems here, but I think this strawman shows the problem can be solved, and it's just a matter of improvements.
_______________________________________________
Acme mailing list -- acme@ietf.org
To unsubscribe send an email to acme-le...@ietf.org
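The "set the DNS challenge entries" step of the strawman above, as an added example that is not part of the original message: computing the TXT record for an ACME dns-01 challenge (RFC 8555, with the RFC 7638 key thumbprint) and refusing names outside the subscriber's zone. The function names, the zone check, the token and the account key are assumptions constructed for illustration.

```python
import base64, hashlib, json, re

def b64url(data: bytes) -> str:
    # base64url without padding, as ACME and JOSE require
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    # RFC 7638: hash only the required members, sorted, with no whitespace
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def dns01_record(device_fqdn: str, subscriber_zone: str, token: str, account_jwk: dict):
    """Return (record name, TXT value) the router would publish for the CA to check."""
    name = device_fqdn.lower().rstrip(".")
    zone = subscriber_zone.lower().rstrip(".")
    # Assumed policy: the router only answers for names inside the zone
    # the ISP delegated to this subscriber.
    if not name.endswith("." + zone):
        raise ValueError(f"{name} is outside delegated zone {zone}")
    # RFC 8555 tokens use only the base64url alphabet
    if not re.fullmatch(r"[A-Za-z0-9_-]+", token):
        raise ValueError("token is not base64url")
    key_authorization = f"{token}.{jwk_thumbprint(account_jwk)}"
    txt = b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())
    return f"_acme-challenge.{name}", txt

# Constructed sample values: not a real key, token or deployment.
SAMPLE_ZONE = "fijinb23.users.example.com"
SAMPLE_DEVICE = "printer.fijinb23.users.example.com"
SAMPLE_TOKEN = "constructed-token-0123456789abcdef"
SAMPLE_JWK = {"kty": "EC", "crv": "P-256",
              "x": "Y29uc3RydWN0ZWQteC1jb29yZGluYXRlLXNhbXBsZTA",
              "y": "Y29uc3RydWN0ZWQteS1jb29yZGluYXRlLXNhbXBsZTA"}

if __name__ == "__main__":
    record_name, record_value = dns01_record(SAMPLE_DEVICE, SAMPLE_ZONE,
                                             SAMPLE_TOKEN, SAMPLE_JWK)
    print(f'{record_name}. 60 IN TXT "{record_value}"')
```

The TXT value binds the challenge token to the ACME account key, so whichever party holds that key (printer, router or ISP) is the one the CA ends up validating.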