An example of the STAR solution in local network

igarashi50 commented 6 years ago

I am thinking of an example about STAR solution in local network. Please review it and make your comments.

dajiaji commented 6 years ago

Many thanks for your proposal! I merged it but I'm concerned about:

'NDO' should be 'DNO' ?
Isn't it necessary for NDC to achieve an ACME challenge in the refresh step? If it is true, I think NDC cannot refresh the certificate in STAR-compliant way because NDC cannot control the DNS entry directly and cannot choose a HTTP-based ACME challenge.

igarashi50 commented 6 years ago

Many thanks for your proposal! I merged it but I'm concerned about: 'NDO' should be 'DNO' ?

Thanks, it is a typo. I will change to 'DNO'.

Isn't it necessary for NDC to achieve an ACME challenge in the refresh step? If it is true, I think NDC cannot refresh the certificate in STAR-compliant way because NDC cannot control the DNS entry directly and cannot choose a HTTP-based ACME challenge.

The draft of STAR does not clearly state an ACME challenge at the refresh step. 2.2 Refresh in STAR. I guess that the refresh will be automatically by ACME Server and STAR Server(NDO), so NDC communicates only with ACME server to refresh the cert. I need to study this furthermore.

httpslocal / usecases

An example of the STAR solution in local network #16