Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HTTPS for Local Networks #78

Open
carlosjoan91 opened this issue Sep 12, 2024 · 7 comments
Open

HTTPS for Local Networks #78

carlosjoan91 opened this issue Sep 12, 2024 · 7 comments
Labels
session Breakout session proposal

Comments

@carlosjoan91
Copy link

carlosjoan91 commented Sep 12, 2024

Session description

It is not possible to get a publicly trusted CA to sign a certificate for a local domain (i.e. a non-publicly resolvable domain name such as router.local, printer.home, 192.168.1.1, etc), so currently router configuration pages, IoT devices, media servers, etc. have to either: not use TLS, rely on complicated workarounds, or use self-signed certificates and ask users to click through security warnings.

This session's goal is to explore potential solutions to this problem, such as PAKE (Password-authenticated key exchange) and TOFU (trust on first use).

There was previously a Community Group dedicated to this problem, but discussions seem to have stalled, and the group was closed in 2023.

Session goal

Discuss potential ways HTTPS can be supported in local networks

Additional session chairs (Optional)

No response

Who can attend

Anyone may attend (Default)

IRC channel (Optional)

#https-for-local-networks

Other sessions where we should avoid scheduling conflicts (Optional)

No response

Instructions for meeting planners (Optional)

No response

Agenda for the meeting.

No response

Links to calendar

Meeting materials

@carlosjoan91 carlosjoan91 added the session Breakout session proposal label Sep 12, 2024
@tpac-breakout-bot
Copy link
Collaborator

Thank you for proposing a session!

You may update the session description as needed and at any time before the meeting, but please keep in mind that tooling relies on issue formatting: follow the instructions and leave all headings and other formatting intact in particular. Bots and W3C meeting organizers may also update the description, to fix formatting issues or add links and other relevant information. Please do not revert these changes. Feel free to use comments to raise questions.

Do not expect formal approval; W3C meeting organizers endeavor to schedule all proposed sessions that are in scope for a breakout. Actual scheduling should take place shortly before the meeting.

@backkem
Copy link

backkem commented Sep 19, 2024

I'm interested in joining the session remotely.

@backkem
Copy link

backkem commented Sep 21, 2024

I made some slides on what we've been doing in this area as part of WICG/local-peer-to-peer and w3c/openscreenprotocol. The former even has a ticket for Local HTTPS. Happy to talk over this in the session if there is enough interest.

@carlosjoan91
Copy link
Author

Talking about previous efforts to do this sounds good to me, and regarding remote joining, I'll add the Zoom link once I figure out the logistics for that.

@carlosjoan91
Copy link
Author

Looks like the Zoom information is already up in the calendar link. I've also added a link to the pad we'll use for meeting notes.

@carlosjoan91
Copy link
Author

Thanks everyone for attending. I've attached the slides.
HTTPS For Local Networks (TPAC 2024).pdf

@kyanha
Copy link

kyanha commented Sep 27, 2024

RFC7250 (bare public keys) might also be an option, particularly when contemplating IoT or TOFU? (I had no idea this was happening, else I would have participated while it was going on.)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
session Breakout session proposal
Projects
Status: No status
Development

No branches or pull requests

4 participants