undefined | Better HN

0 pointsAyesh5y ago0 comments

Neverssl has done some pretty nifty work to avoid caching. It redirects you to a random subdomain over plain HTTP just to make sure the browser has a cold cache. Maintaining a domain, the redirects, and making sure to _not_ accidentally obtain a certificate is a burden I wouldn't want to do, although it is not that difficult to do.

I was reading from neverssl maintainer that they get a _lot_ of traffic, questionable ones more than it is not. Its DNS runs on AWS IIRC, and we all know Route53 isn't the cheapest.

0 comments

3 comments · 3 top-level

GormanFletcher5y ago

Having lived through the debut of Firesheep, which prompted the industry to get serious about using TLS, its an amusing triumph of cybersecurity that today a site has to be careful to not accidentally get issued a certificate. Back in 2010, when certificates cost substantial sums and needed some expertise to apply for and install, I wouldn't have guessed we'd ever get to this point.

nerdponx5y ago

Interesting, I haven't encountered either of these issues, but I serve about 1 request a month (to myself) and have Certbot running automatically.

EE84M3i5y ago

IIRC the neverssl maintainer _works_ at AWS.

j / k navigate · click thread line to collapse