I'd love to hear a response from @trailofbits about this reported behavior in its new Algo VPN. If true, it strikes me as a deal breaker.https://twitter.com/FiloSottile/status/808355117011521537 …
All of this requires testing with clients. Not sure how things like iOS will react.
-
-
hmmm there are people who should actually be on this thread
@rmhrisk@randomoracle -
But as you suggest, trust anchors can be different between client & server side…
-
And if server-side used LetsEncrypt, there's no need to add random root CA to all clients
-
LE should totally be used for the server if public name.
-
I don't want to depend on users setting up a DNS provider / name for themselves.
-
dyn or similar?
-
It's hard enough asking for a DigitalOcean API key. I'm aiming for lowest common denominator.
-
think dynamic registration with a DNS provider is automatable.
- 1 more reply
New conversation -
-
-
well, hate to say it, but status quo is pretty dealbreak-y
-
(Hate to say it literally because one-click actually making ipsec work is in the world of hell-yeah-about-time)
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.