
Is it reasonable to have a product that requires LLMNR or mDNS?

Çağlar Arlı


I am trying to figure out the best way to manage security certificates for embedded devices whose webpage is accessed via IP address, and then the scenario for when that IP address changes.

Currently, I am creating an RSA private key to sign a trusted root certificate that I install in the local PC's trusted root certificate store, and then I create the certificate and key that is installed on the embedded device. This is obviously not the ideal solution; it was just a proof-of-concept solution to show that our devices could actually handle the extra work of encryption/decryption.

The signing cert and the cert installed onto the board are both bound to the same IP address, so when that IP changes, this obviously causes the browser to complain.

So some options I've found so far include changing the hosts file on the local machine to map a host name to whatever IP, but this would involve touching every single PC to make this change, and updating it every time the IP address changes.

Then I found LLMNR and mDNS (which I do not fully understand yet), which would allow us to resolve a hostname, or hostname.local. However, the majority of what I can find online about these two protocols are articles talking about why you should DISABLE both of these entirely. So that leads me to my question... is this even worth pursuing any further? Are IT departments going to consider allowing these protocols assuming they know enough to have disabled them?
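The certificate side of the problem described above can be separated from the name-resolution side. The following is an added example, not code from the question or its author: it builds a private root CA and issues a device certificate whose Subject Alternative Name lists both a stable hostname and the device's current IP address, then shows with openssl verify that the certificate still validates by name when the address in it no longer matches. Everything concrete in it is assumed: OpenSSL 1.1.1 or newer on PATH, the CA name, the file names, the hostname device-0001.local, and the 192.0.2.0/24 addresses (a documentation range).

```sh
#!/bin/sh
# Added example, not code from the question or its author. Issues a device
# certificate whose SAN carries BOTH a stable hostname and the current IP, so
# a browser reaching the device by name keeps trusting it after the IP changes.
# Assumptions: OpenSSL 1.1.1+ on PATH; the CA name, file names, the hostname
# device-0001.local and the 192.0.2.0/24 addresses are invented for the demo.
set -eu

# Build a private root CA: RSA key, CSR, self-signed root with CA extensions.
# The root is name-constrained so that, if its key is ever stolen, it cannot be
# used to impersonate anything outside .local names and 192.0.2.0/24. That
# matters because this root gets installed in every PC's trusted store.
# $1 = working directory
make_ca() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -keyout "$1/ca.key" -out "$1/ca.csr" \
        -subj "/CN=Example Embedded Device CA" 2>/dev/null
    cat > "$1/ca.ext" <<EOF
basicConstraints=critical,CA:TRUE,pathlen:0
keyUsage=critical,keyCertSign,cRLSign
subjectKeyIdentifier=hash
nameConstraints=critical,permitted;DNS:.local,permitted;IP:192.0.2.0/255.255.255.0
EOF
    openssl x509 -req -in "$1/ca.csr" -signkey "$1/ca.key" -days 3650 -sha256 \
        -extfile "$1/ca.ext" -out "$1/ca.crt" 2>/dev/null
}

# Issue the leaf certificate for one device.
# $1 = working directory holding ca.key/ca.crt, $2 = hostname, $3 = IPv4 address
make_device_cert() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -keyout "$1/device.key" -out "$1/device.csr" -subj "/CN=$2" 2>/dev/null
    # Browsers match the SAN, not the CN, and an address must be an IP: entry,
    # not a DNS: entry. Listing both means the cert is valid however the user
    # types the URL today and stays valid by name after the address moves.
    cat > "$1/device.ext" <<EOF
basicConstraints=critical,CA:FALSE
keyUsage=critical,digitalSignature,keyEncipherment
extendedKeyUsage=serverAuth
subjectAltName=DNS:$2,IP:$3
EOF
    # 825 days: Apple platforms reject TLS server certificates valid for longer.
    openssl x509 -req -in "$1/device.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 825 -sha256 -extfile "$1/device.ext" \
        -out "$1/device.crt" 2>/dev/null
}

# Would a client that reached the device by this hostname accept the chain?
# Succeeds (exit 0) only if openssl verify reports OK. $1 = dir, $2 = hostname
cert_matches_host() {
    openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" "$1/device.crt" 2>&1 \
        | grep -q ': OK$'
}

# Same check for a client that typed an IP address. $1 = dir, $2 = IPv4 address
cert_matches_ip() {
    openssl verify -CAfile "$1/ca.crt" -verify_ip "$2" "$1/device.crt" 2>&1 \
        | grep -q ': OK$'
}

# Demo: issue a cert at 192.0.2.10, then pretend the device moved to 192.0.2.99.
# By name it still validates; by the new address it does not, which is exactly
# the complaint described in the question, now confined to address-based access.
WORK=$(mktemp -d)
make_ca "$WORK"
make_device_cert "$WORK" device-0001.local 192.0.2.10
cert_matches_host "$WORK" device-0001.local && echo "by name device-0001.local: OK"
cert_matches_ip "$WORK" 192.0.2.10 && echo "by original IP 192.0.2.10: OK"
cert_matches_ip "$WORK" 192.0.2.99 || echo "by new IP 192.0.2.99: rejected (expected)"
openssl x509 -in "$WORK/device.crt" -noout -ext subjectAltName
```

Run it with sh and it prints the three verdicts followed by the SAN. The design choice is that the IP in the certificate becomes a convenience rather than the identity: once users reach the device by its name, the certificate never needs re-issuing for an address change, and the per-PC work is reduced to installing the root once. The remaining cost is making the name resolvable, which is the hosts-file, DNS, or mDNS/LLMNR decision the question asks about; .local is the domain mDNS answers for, so if IT would rather allocate an internal DNS zone, put that name in the SAN instead and drop the DNS:.local constraint accordingly. The usual objection to LLMNR and mDNS is that any host on the segment can answer a query, so the resolution step itself is unauthenticated; a certificate bound to the name and chained to a trusted root is what makes that tolerable, because a spoofed answer cannot present a valid certificate for device-0001.local.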