undefined | Better HN

0 pointsthebeardisred1y ago0 comments

Additionally how do you define publish?

When someone embeds https://test.internal with a cert validation turned off (rather then fingerprint pinning or setting up an internal CA) in their mobile application that client will greedily accept whatever response is provided by their local resolver... Correct or malicious.

0 comments

bawolff1y ago

That seems kind of besides the point. If you turn off cert validation, it doesn't matter if the domain name is internal or external.

j / k navigate · click thread line to collapse

0 pointsthebeardisred1y ago0 comments

Additionally how do you define publish?

0 comments

bawolff1y ago

That seems kind of besides the point. If you turn off cert validation, it doesn't matter if the domain name is internal or external.

j / k navigate · click thread line to collapse