03-07-2025, 10:18 AM
(This post was last modified: 03-07-2025, 10:20 AM by the_bertrum.)
I would not be at all surprised if the UK and US versions of "stock" Android are different in more ways that those quirky esoteric spellings you folks have 
As to point of difference 1, yes I do have a local CA, but it isn't a "server" as such. It isn't "running" and isn't consulted in the process at all. The browser has a CA issued file that says "trust things signed with me" and moOde sends a file that is signed such that the browser sees it is trusted by the CA file. I'll remove the local CA file and try again even though if that has a difference then Authority doesn't work anything like I understand it. I'll cry if it makes a difference.
Point of difference 2, nope it's mDNS all the way for me as well. I'm using ".local" addresses throughout, although certs issued by my local CA also cover the (reserved) IPs of my players as belt and braces. If mDNS isn't reliable then getting the IP into the certificate will definitely improve things.
Finally, the "insecure" warning from Firefox is actually strictly correct when using this method. We have made our certificate of authority (I'm the authority who says who you can trust) and our certificate of identity (The authority you trust gave me this to prove I'm who I say I am) into the same certificate. The moOde player is saying to the browser "I'm moOde and you can trust I am who I say I am because I have said so". Firefox says "are you sure?", other browsers shrug and get on with it. You are encrypted, but you are not strictly secure because there's no trust.
As to point of difference 1, yes I do have a local CA, but it isn't a "server" as such. It isn't "running" and isn't consulted in the process at all. The browser has a CA issued file that says "trust things signed with me" and moOde sends a file that is signed such that the browser sees it is trusted by the CA file. I'll remove the local CA file and try again even though if that has a difference then Authority doesn't work anything like I understand it. I'll cry if it makes a difference.
Point of difference 2, nope it's mDNS all the way for me as well. I'm using ".local" addresses throughout, although certs issued by my local CA also cover the (reserved) IPs of my players as belt and braces. If mDNS isn't reliable then getting the IP into the certificate will definitely improve things.
Finally, the "insecure" warning from Firefox is actually strictly correct when using this method. We have made our certificate of authority (I'm the authority who says who you can trust) and our certificate of identity (The authority you trust gave me this to prove I'm who I say I am) into the same certificate. The moOde player is saying to the browser "I'm moOde and you can trust I am who I say I am because I have said so". Firefox says "are you sure?", other browsers shrug and get on with it. You are encrypted, but you are not strictly secure because there's no trust.
----------------
Robert
Robert
