undefined | Better HN

0 pointscheschire6y ago0 comments

Could you run an internal CA server instead of self signing? At least then you reduce your attack surface if you’re compromised internally.

0 comments

BrandoElFollito6y ago

Yes, this is what is being done today.

My point was that HTTPS is (much) more complicated than bare HTTP and this is probably one of the reasons it is not taking over the web in a storm (though progress is undoubtedly there)

j / k navigate · click thread line to collapse

0 pointscheschire6y ago0 comments

Could you run an internal CA server instead of self signing? At least then you reduce your attack surface if you’re compromised internally.

0 comments

BrandoElFollito6y ago

Yes, this is what is being done today.

My point was that HTTPS is (much) more complicated than bare HTTP and this is probably one of the reasons it is not taking over the web in a storm (though progress is undoubtedly there)

j / k navigate · click thread line to collapse