
But how is the network securely going to tell the computer which https server to use? I can get a certificate for any server I put on the network.



Using DHCP, the same tool that can configure any client computer with addresses and gateways, meaning you hopefully secure that already.

Some switches give you tools to mark a few physical ports as "trusted", allowing DHCP OFFER from those; and drop (or even shut down the port!) when such a packet is received on an untrusted port.
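The trusted-port filtering described in the comment above, modelled as an added example (not part of the thread and not any switch vendor's code): it parses DHCP option 53 and drops server-originated messages that arrive on an untrusted port. The port names and function names are assumptions, and the sample packets are constructed.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTP_FIXED_LEN = 236                            # op..file, before the cookie
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # only servers send these
TRUSTED_PORTS = {"uplink1"}                      # assumed port name


def dhcp_message_type(payload: bytes):
    """Return DHCP option 53 from a UDP payload, or None if absent/malformed."""
    start = BOOTP_FIXED_LEN + len(MAGIC_COOKIE)
    if len(payload) < start or payload[BOOTP_FIXED_LEN:start] != MAGIC_COOKIE:
        return None
    i = start
    while i < len(payload):
        code = payload[i]
        if code == 255:                          # end option
            return None
        if code == 0:                            # pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None                          # truncated option header
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            return None                          # truncated option value
        if code == 53 and length == 1:
            return value[0]
        i += 2 + length
    return None


def snoop(port: str, payload: bytes) -> str:
    """Return "drop" for server-originated DHCP on an untrusted port."""
    is_reply = len(payload) > 0 and payload[0] == 2   # BOOTP op 2 = BOOTREPLY
    from_server = is_reply or dhcp_message_type(payload) in SERVER_TYPES
    if from_server and port not in TRUSTED_PORTS:
        return "drop"
    return "forward"


def build_dhcp(op: int, mtype: int) -> bytes:
    """Constructed sample: zeroed BOOTP header followed by option 53."""
    header = bytes([op, 1, 6, 0]) + bytes(BOOTP_FIXED_LEN - 4)
    return header + MAGIC_COOKIE + bytes([53, 1, mtype, 255])


if __name__ == "__main__":
    for port, op, mt in [("access7", 2, 2), ("uplink1", 2, 2), ("access7", 1, 1)]:
        print(port, SERVER_TYPES.get(mt, "client msg"), snoop(port, build_dhcp(op, mt)))
```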


If you can trust DHCP, why can't you trust TFTP? Your smart switch could drop TFTP packets just like it drops DHCP packets and you're good again.

(Yes, yes, PXE doesn't check for Secure Boot signatures)



