ncphil | 2 years ago
Interesting idea, but I think I'll stick with DNS challenge and Let's Encrypt. Lazy me really needs to finally sit down and automate the process (all the pieces are in place on my registrar's side). Did the private CA thing for almost two decades, and yes, it was a PITA, but even that was mostly because I failed to invest the time to automate it (Linux and Windows devices aren't _that_ hard to manage with OSS tools, printers might be a harder challenge; Android refusing to play nice with private DNS just makes it easier to disregard it altogether, as do all those IoT firmwares that don't even pretend to give you a choice). Ultimately, the current infrastructure, like that for message encryption, is just too damn convoluted. Eventually it might get fixed, but I'll probably be long retired to an Internet dead zone by then (raising goats can't be harder than managing fleets of application servers, can it?).