upvote
That's not it. If you have an internal network, where every host is provisioned by you, you already control identity.

In that case there's no need to validate anything as names, dns records, certificates and anything else should already be in place.

reply
There's certainly something to be said for ease of use and not having to ensure you push trusted certs to every device that touches your internal network.

Unless you enjoy that sort of thing.

reply