Do user endpoints ever talk to each other, or are they always trusting the VPN concentrator?
Replying to @dakami @dangoodin001
Endpoints aren't talking to each other, only to the concentrator.
1 reply 0 retweets 0 likes -
Replying to @dguido @dangoodin001
Maybe we have two roots, one authing server to user, one authing user to server, latter no serverauth, former ephem?
2 replies 0 retweets 1 like -
Replying to @dakami @dangoodin001
All of this requires testing with clients. Not sure how things like iOS will react.
2 replies 0 retweets 0 likes -
Replying to @dguido @dangoodin001
hmmm there are people who should actually be on this thread
@rmhrisk @randomoracle
3 replies 0 retweets 0 likes -
But as you suggest, trust anchors can be different between client & server side…
1 reply 0 retweets 1 like -
Replying to @randomoracle @dakami and
And if server-side used LetsEncrypt, there's no need to add random root CA to all clients
2 replies 0 retweets 1 like -
Replying to @randomoracle @dakami and
LE should totally be used for the server if public name.
1 reply 0 retweets 0 likes -
Replying to @rmhrisk @randomoracle and
I don't want to depend on users setting up a DNS provider / name for themselves.
1 reply 0 retweets 0 likes -
It's hard enough asking for a DigitalOcean API key. I'm aiming for lowest common denominator.
Replying to @dguido @randomoracle and
think dynamic registration with a DNS provider is automatable.
2 replies 0 retweets 1 like -
Replying to @rmhrisk @randomoracle and
I filed a ticket to track discussion about this issue https://github.com/trailofbits/algo/issues/155 …
0 replies 0 retweets 2 likes