Jonathan Rudenberg <jonat...@titanous.com> writes:

>For communicating with other machines, the correct thing to do is to issue a
>unique certificate for each device from a publicly trusted CA. The way Plex
>does this is a good example:
>https://blog.filippo.io/how-plex-is-doing-https-for-all-its-users/

But the Plex solution required DynDNS, partnering with a CA for custom hash-based wildcard certificates (and for which the CA had to create a new custom CA cert), and other tricks; I don't think that generalises. In effect this has given Plex their own in-house CA (by proxy), which is a point solution for one vendor but not something that any vendor can build into a product.

Anyone from Plex want to comment on how much effort was involved in this? It'd be interesting to know what was required to negotiate this deal, and how long it took, just as a reference point for anyone else considering it.

Peter.