HTTPS for Local Networks
- Past
- Confirmed
- Breakout Sessions
- Past
- Confirmed
- Breakout Sessions
Meeting
It is not possible to get a publicly trusted CA to sign a certificate for a local domain (i.e. a non-publicly resolvable domain name such as router.local, printer.home, 192.168.1.1, etc), so currently router configuration pages, IoT devices, media servers, etc. have to either: not use TLS, rely on complicated workarounds, or use self-signed certificates and ask users to click through security warnings.
This session's goal is to explore potential solutions to this problem, such as PAKE (Password-authenticated key exchange) and TOFU (trust on first use).
There was previously a Community Group dedicated to this problem, but discussions seem to have stalled, and the group was closed in 2023.
Agenda
Chairs:
Carlos IbarraLopez
Description:
It is not possible to get a publicly trusted CA to sign a certificate for a local domain (i.e. a non-publicly resolvable domain name such as router.local, printer.home, 192.168.1.1, etc), so currently router configuration pages, IoT devices, media servers, etc. have to either: not use TLS, rely on complicated workarounds, or use self-signed certificates and ask users to click through security warnings.
This session's goal is to explore potential solutions to this problem, such as PAKE (Password-authenticated key exchange) and TOFU (trust on first use).
There was previously a Community Group dedicated to this problem, but discussions seem to have stalled, and the group was closed in 2023.
Goal(s):
Discuss potential ways HTTPS can be supported in local networks
Materials:
Minutes
Read minutesExport options
Personal Links
Please log in to export this event with all the information you have access to.
Public Links
The following links do not contain any sensitive information and can be shared publicly.
Feedback
Report feedback and issues on GitHub.
Report feedback and issues on