Who benefits from this? Even though Let’s Encrypt stresses that most site operators will do fine sticking with ordinary domain certificates, there are still scenarios where a numeric identifier is the only practical choice:

Infrastructure services such as DNS-over-HTTPS (DoH) – where clients may pin a literal IP address for performance or censorship-evasion reasons.
IoT and home-lab devices – think network-attached storage boxes, for example, living behind static WAN addresses.
Ephemeral cloud workloads – short-lived back-end servers that spin up with public IPs faster than DNS records can propagate.
  • fmstrat@lemmy.nowsci.com
    15 hours ago

    I use a domain, but for homelab I eventually switched to my own internal CA.

    Instead of having to do service.domain.tld it’s nice to do service.lan.

      • fmstrat@lemmy.nowsci.com
        6 hours ago

        I just use openssl's built-in management. I have scripts that set it up and generate a .lan domain, and instructions for adding it to clients. I could make a repo and writeup if you would like?

        As the other commenter pointed out, .lan is not officially sanctioned for local use, but it is not used publicly and is a common choice. However, you could use whatever you want.

        • fmstrat@lemmy.nowsci.com
          6 hours ago

          No thanks. I get some people agreed to this, but I’m going to continue to use .lan, like so many others. If they ever register .lan for public use, there will be a lot of people pissed off.

          IMO, the only reason not to assign a top-level domain in the RFC is so that some company can make money on it. The authors were from Cisco and Nominum, a DNS company purchased by Akamai, but that doesn't appear to be the reason why. .home and .homenet were proposed, but this is from the mailing list:

          1. we cannot be sure that using .home is consistent with the existing (ab)use
          2. ICANN is in receipt of about a dozen applications for “.home”, and some of those applicants no doubt have deeper pockets than the IETF does should they decide to litigate

          https://mailarchive.ietf.org/arch/msg/homenet/PWl6CANKKAeeMs1kgBP5YPtiCWg/

          So, corporate fear.