Watson,

> On Dec 19, 2024, at 11:54 AM, Watson Ladd <watsonbl...@gmail.com> wrote:
> ...
> Why do you need .local vs. .sdfi24241.subscribers.isp.example.com and
> setting that as a search domain?

The device is accessible by both names for the given address, so it should advertise both names in the certificate.

> Also note that the local router can
> make DHCP option advertisements to configure things.

For sure.

> ..
> I don't understand why a one time requirement of net connectivity at
> registration/renewal makes it worthless. Let's solve the 90% we can.

Because there are environments where you don't have Internet connectivity *at all* (intentionally or unintentionally). Because requiring a local device to talk to a remote service exposes PII.

I have worked in environments where you cannot access outside networks. I have also had the displeasure of setting up network gear (a router as it happens) that had a one-time requirement for Internet connectivity at a semi-remote location with spotty satellite Internet access, to the point that I returned said equipment and let the manufacturer know why.

> The problem with local trusted authority is that we don't really have
> a way to get it on the local devices, especially limited ones, that
> people can use.

Matter seems to do it. And really you are not talking about *all* IoT devices, just those that are capable of TLS and TCP/IP - less than that and you are bridging to other kinds of connectivity that provide their own layer of security/access.

________________________
Michael Sweet

_______________________________________________
Acme mailing list -- acme@ietf.org
To unsubscribe send an email to acme-le...@ietf.org