edgedb / rfcs

RFCs for major changes to EdgeDB
Apache License 2.0

DRAFT: add TLS and ALPN support #36

Closed fantix closed 3 years ago

fantix commented 3 years ago

This pre-RFC is for early discussion and not a proper RFC yet, because it contains ambiguity and undecided options and questions, and is not yet following RFC 0001 properly.

rendered

UPDATE: Thank you all for the valuable comments! I'll summarize the outstanding questions or current decisions below for the next draft, and I'll close this PR as it is and start a new one on a new branch, so that the discussion history can be preserved.

  1. Use a local CA or issue self-signed certificates separately for each server instance? A CA makes it easier to trust a single root certificate, while separate self-signed certificates are just cleaner, like how SSH handles the server fingerprints.
  2. Store optional TLS settings in the server config; don't use command parameters.
  3. UNIX sockets: remove the non-admin ones; use clear text for the admin socket and the binary protocol only.
  4. We probably don't need passphrases on the generated private keys?
  5. The client should transparently work with dev certs and prod certs; no additional switch is to be added.
  6. If ALPN negotiation doesn't succeed, error out.
  7. Optional TLS settings should have the same defaults as Python does.
  8. If the user brings cert files with them, we should just use them in place. Importing/copying adds more unnecessary work for us.
  9. NO to integrating with Let's Encrypt or something similar.
  10. Supporting client certificate authentication is a nice-to-have for this RFC.
  11. Who eventually generates the certificates? The Python server or the Rust CLI? Sounds like we'll use the Rust CLI.
  12. Which ALPN protocol option? Option 1.
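Items 1 and 6 above, as an added example that is not part of the RFC or of EdgeDB's code: a per-instance self-signed dev certificate is minted in memory and a TLS handshake is run against a server that offers a single ALPN protocol, with the client refusing the connection whenever no protocol was negotiated. The ALPN identifier `edgedb-binary` is a placeholder, since the thread does not spell out what "Option 1" is; the code uses only the Go standard library and an in-memory pipe so it runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

const EdgeDBProto = "edgedb-binary" // placeholder ALPN id; the thread does not spell out "Option 1"
// devCert mints an in-memory self-signed cert (the per-instance dev cert of item 1) plus a pool trusting only it.
func devCert() (tls.Certificate, *x509.CertPool) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // only possible if the system CSPRNG is unusable
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "localhost"},
		DNSNames: []string{"localhost"}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der) // re-parsing DER we just produced cannot fail
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool
}

// NegotiateALPN handshakes over an in-memory pipe with a server that offers only EdgeDBProto and returns the
// agreed protocol; per item 6 it errors out when nothing was negotiated (a no_application_protocol alert also lands here).
func NegotiateALPN(clientProtos []string) (string, error) {
	cert, pool := devCert()
	c1, c2 := net.Pipe()
	// Server side. Tickets are disabled because net.Pipe is synchronous: a trailing write the client never reads would stall both ends.
	go tls.Server(c1, &tls.Config{Certificates: []tls.Certificate{cert}, NextProtos: []string{EdgeDBProto},
		SessionTicketsDisabled: true}).Handshake()
	cli := tls.Client(c2, &tls.Config{RootCAs: pool, ServerName: "localhost", NextProtos: clientProtos})
	if err := cli.Handshake(); err != nil {
		return "", fmt.Errorf("handshake failed: %w", err)
	}
	if proto := cli.ConnectionState().NegotiatedProtocol; proto != "" {
		return proto, nil
	}
	return "", fmt.Errorf("ALPN selected no protocol; refusing connection")
}
```

A client that offers no ALPN list at all completes the TLS handshake but is still refused, which is the case item 6 guards against; a client whose list has no overlap is rejected by the server's alert before that point.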