Intro
By Jonathan Fether
This project is aimed at resolving the continual problem all embedded software developers have come to loathe: SSL Certificates for IoT devices.
In my years of experience, I've come to find this a very frustrating part of the development experience. The main problem is that such devices live in RFC1918 networks, and even if they didn't, they don't have a proper domain name. They don't qualify to get an SSL certificate. This causes numerous problems with recent restrictions on web APIs requiring a "Secure Context".
My proposed solution
My solution is to allow individual end-users to register an account on iotssl.org, iotssl.net, or a custom domain, to manage their devices. An API would allow users to enroll a device, and then access it with a domain name similar to devicename.username.iotssl.org. A device manufacturer could also host their own iotssl implementation just for use with their devices, similar to how Netgear's routerlogin.com works, but with encryption. The DNS service would be similar to a Dynamic DNS service but providing "A" records for RFC1918 IP addresses, unless later scoping of the project found that this was not ideal.
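A sketch of the enrollment check such a service would need before publishing a record, added here as an illustration and not code from this project. The function name `enroll`, its parameters and the returned tuple are assumptions, since the page defines no API; only the devicename.username.iotssl.org naming and the RFC1918 restriction come from the text.

```python
import ipaddress
import re

# Assumption: the zone is the example domain from the text; nothing else here is a real API.
ZONE = "iotssl.org"

# The three RFC1918 blocks, listed explicitly. ipaddress's is_private is broader
# (it also covers loopback, link-local and other special ranges), so it is not used.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# One host-name label: 1-63 chars of a-z, 0-9 or hyphen, no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def enroll(username, devicename, address):
    """Validate an enrollment and return (fqdn, "A", ip), or raise ValueError."""
    labels = []
    for raw in (devicename, username):
        label = raw.lower()
        # Rejecting dots and other characters keeps every record exactly one
        # label below the enrolling user's own subdomain.
        if not LABEL.fullmatch(label):
            raise ValueError(f"invalid DNS label: {raw!r}")
        labels.append(label)

    try:
        ip = ipaddress.IPv4Address(address)
    except ipaddress.AddressValueError as exc:
        raise ValueError(f"not an IPv4 address: {address!r}") from exc

    # Publish only addresses inside RFC1918 space, as the proposal describes.
    if not any(ip in net for net in RFC1918):
        raise ValueError(f"{ip} is outside the RFC1918 ranges")

    fqdn = ".".join(labels + [ZONE])
    if len(fqdn) > 253:  # overall DNS name length limit
        raise ValueError("resulting name is too long")
    return fqdn, "A", str(ip)


if __name__ == "__main__":
    # Constructed sample input.
    print(enroll("alice", "Thermostat", "192.168.1.20"))
```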
In this way, the device can be assigned an SSL certificate through Let's Encrypt. However, I recognize this could have issues due to the rate limits in place per domain. Hopefully this issue can be overcome as well.
At the moment, this is just a placeholder for a project I hope to dig into at some later date.