w3c / tpac2024-breakouts

Repository set up to collect and organize breakout session proposals for TPAC 2024

HTTPS for Local Networks #78

Open carlosjoan91 opened 2 months ago

carlosjoan91 commented 2 months ago

Session description

It is not possible to get a publicly trusted CA to sign a certificate for a local domain (i.e. a non-publicly resolvable domain name such as router.local, printer.home, 192.168.1.1, etc.), so currently router configuration pages, IoT devices, media servers, etc. have to either: not use TLS, rely on complicated workarounds, or use self-signed certificates and ask users to click through security warnings.

This session's goal is to explore potential solutions to this problem, such as PAKE (Password-authenticated key exchange) and TOFU (trust on first use).

There was previously a Community Group dedicated to this problem, but discussions seem to have stalled, and the group was closed in 2023.

Session goal

Discuss potential ways HTTPS can be supported in local networks

Additional session chairs (Optional)

No response

Who can attend

Anyone may attend (Default)

IRC channel (Optional)

https-for-local-networks

Other sessions where we should avoid scheduling conflicts (Optional)

No response

Instructions for meeting planners (Optional)

No response

Agenda for the meeting.

No response

Links to calendar

Meeting materials

tpac-breakout-bot commented 2 months ago

Thank you for proposing a session!

You may update the session description as needed and at any time before the meeting, but please keep in mind that tooling relies on issue formatting: follow the instructions and leave all headings and other formatting intact in particular. Bots and W3C meeting organizers may also update the description, to fix formatting issues or add links and other relevant information. Please do not revert these changes. Feel free to use comments to raise questions.

Do not expect formal approval; W3C meeting organizers endeavor to schedule all proposed sessions that are in scope for a breakout. Actual scheduling should take place shortly before the meeting.

backkem commented 2 months ago

I'm interested in joining the session remotely.

backkem commented 2 months ago

I made some slides on what we've been doing in this area as part of WICG/local-peer-to-peer and w3c/openscreenprotocol. The former even has a ticket for Local HTTPS. Happy to talk over this in the session if there is enough interest.

carlosjoan91 commented 1 month ago

Talking about previous efforts to do this sounds good to me, and regarding remote joining, I'll add the Zoom link once I figure out the logistics for that.

carlosjoan91 commented 1 month ago

Looks like the Zoom information is already up in the calendar link. I've also added a link to the pad we'll use for meeting notes.

carlosjoan91 commented 1 month ago

Thanks everyone for attending. I've attached the slides: HTTPS For Local Networks (TPAC 2024).pdf

kyanha commented 1 month ago

RFC7250 (bare public keys) might also be an option, particularly when contemplating IoT or TOFU? (I had no idea this was happening, else I would have participated while it was going on.)