network-quality / server

A place to share code and server configurations in support of the networkQuality tool
MIT License

Add instructions for generating certs #6

Open richb-hanover opened 2 years ago

richb-hanover commented 2 years ago

For us duffers out here, could you provide instructions for generating the certs that are necessary to use the swift/go versions? (Even if it's a self-signed cert...) Thanks.

richb-hanover commented 2 years ago

I want to expand on my prior request to help people who want to implement RPM servers on new hardware/new environments. As we discussed in the call today, it would be intriguing to create a package for OpenWrt, or create a Dockerfile to run on a Raspberry Pi.

Implementors for these environments run into hurdles that aren't addressed in the current documentation:

  1. What's the difference between the -key-file and the -cert-file? Is there clear documentation for generating each?

  2. The instructions should indicate how to generate certificates for an OpenWrt router or Raspberry Pi with a numeric IP address (such as 192.168.1.1, 10.0.34.17, or 172.30.42.35) since they are unlikely to have a DNS name. (But, extra points for telling how to add an mDNS name into the certificate.)

  3. Is a self-signed certificate valid? https://github.com/network-quality/draft-ietf-ippm-responsiveness/issues/37#issuecomment-1076907230 makes it seem that it's the RPM Client's choice. But the server code's README.md at line 26 makes it sound as if the self-signed certificate is bad when it says:

    NOTE: The networkQuality CLI tool will only connect to a server presenting a valid SSL certificate. If you are using a custom CA, ensure the CA is trusted by the system.

  4. This might be resolved if the networkQuality CLI tool on macOS were changed to give a warning if it detects an invalid SSL certificate. (Then the test would work, present accurate measurements, but indicate that the results may not be from a trusted host.)