Remix.run Logo
jmbwell 41 minutes ago

I don’t know much in this space, but I find myself wishing there was a dead simple self hosted CA solution and also that trust on first use (à la ssh) was A Thing for self-managed root certs in client implementations. TOFU is such an elegant, good-enough solution for these use cases. Fixed deployment is always still an option, but in this day and age it feels so much like we are unnecessarily still dealing with solved problems

nijave 38 minutes ago | parent [-]

On k8s, there's cert-manager but also you need k8s...

Most browsers support trust on first use for leaf certs

jmbwell 34 minutes ago | parent [-]

I guess I mean treat it as a clear first class feature. Right now most browsers treat it as an arcane error. I’m thinking more “This is the first time you’re connecting to this site. Do you trust it?”

And later if something changes, then they can do the whole DOING SOMETHING NASTY! thing, which is effectively the experience today