Hacker News new | past | comments | ask | show | jobs | submit login

This is neat!

However, given that allowing private IP resolution from a public DNS subdomain facilitates DNS rebinding attacks, it (and all equivalent approaches) will unfortunately be blocked by quite a few of the more sophisticated home routers out there, including a quite common brand in Germany.

Also, doesn't publishing a privkey for a public TLS certificate theoretically require it to be revoked under common browser CA standards...? Let's Encrypt seems to support it, at least: https://letsencrypt.org/docs/revoking/#using-the-certificate...




The certificate is revoked, your browser must not be checking for revocation. Browser support for revocation is pretty poor, unfortunately.

https://crt.sh/?id=9497801989&opt=ocsp


Hm, are these automatically revoked then as part of the service, or did somebody just revoke it?

Update: Seems to have just happened – after restarting, Firefox now does not accept it anymore!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: