>>>>> "Keith" == Keith Moore <moore@xxxxxxxxxxxxxxxxxxxx> writes:

    Keith> IOW it's not only TLS and X.509 that are needed, but a
    Keith> stack (including browser) that can use these without needing
    Keith> DNS or external connectivity.

I've been doing this a fair bit for isolated networks for cyber training
and for other things in that space.
We end up providing a DNS and a PKI etc.
At this point it's going to be simpler to provide some good devops'd DNS
and PKI than to go develop a custom browser.

I gave a talk on our work at
https://debconf20.debconf.org/talks/32-when-we-virtualize-the-whole-internet/
last year.
It's focused more on the software packaging aspects of setting up the
more complex aspects of the infrastructure, but does give an
architectural overview for this sort of approach.

If all you need is DNS and PKI and the like, it's much simpler than the
problems I focus on in the talk.