undefined | Better HN

story

0 pointskevincox1y ago0 comments

Yes, but then you are putting more information into the publically logged certificate. So it is a tradeoff between scope of certificate and data leak.

I guess you can use a pattern like {human name}.{random}.internal but then you lose memoribility.

0 comments

8organicbits1y ago

I've considered building tools to manage decoy certificates, like it would register mail.example.com if you didn't have a mail server, but I couldn't justify polluting the cert transparency logs.

lacerrr1y ago

Made up problem, that approach is fine.

j / k navigate · click thread line to collapse

0 comments

8organicbits1y ago

I've considered building tools to manage decoy certificates, like it would register mail.example.com if you didn't have a mail server, but I couldn't justify polluting the cert transparency logs.

lacerrr1y ago

Made up problem, that approach is fine.

j / k navigate · click thread line to collapse