
Whether you like it or not, all certs in the near future from all providers will be logged anyway.

Most sysadmins don't like their intranet addresses being in the log so as to not provide intel to intruders.




Ah. I didn't realize we will eventually. So if I get a cert for *.dev.example.com I am exposing just dev.example, but not foo.dev.example.com?


Yes, the log is static. It only contains the subject name of the certificate.

But there's little to fear from exposing internal domain names. DNS names are more or less public knowledge - they are transmitted unencrypted, end up in plenty of caches etc. Attackers can probably brute force it or the PTR records anyway.
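An added example, not part of the thread or written by any of its participants: a small audit that takes a planned set of certificates and an internal host inventory and reports which hostnames a CT log entry would name outright and which stay unnamed behind a wildcard. It assumes the log shows exactly the names listed in each certificate and uses RFC 6125-style matching, where `*` stands for a single leftmost label; the function names and the sample data are constructed for illustration.

```python
def wildcard_covers(pattern: str, host: str) -> bool:
    """True if a certificate name covers host; '*' matches exactly one leftmost label."""
    p = pattern.lower().rstrip(".")
    h = host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    head, _, rest = h.partition(".")
    return bool(head) and rest == p[2:]


def ct_exposure(cert_names, internal_hosts):
    """Classify internal hosts by what a CT log entry for these certificates reveals.

    cert_names: one list of DNS names per planned certificate.
    Returns the logged names plus three host lists:
      named     - hostname appears literally in a logged certificate
      unnamed   - served by a wildcard, so only the wildcard is logged
      uncovered - no planned certificate is valid for this host
    """
    logged = sorted({n.lower() for names in cert_names for n in names})
    wildcards = [n for n in logged if n.startswith("*.")]
    report = {"logged": logged, "named": [], "unnamed": [], "uncovered": []}
    for host in internal_hosts:
        if host.lower() in logged:
            report["named"].append(host)
        elif any(wildcard_covers(w, host) for w in wildcards):
            report["unnamed"].append(host)
        else:
            report["uncovered"].append(host)
    return report


# Constructed sample plan: one wildcard certificate, one single-host certificate.
SAMPLE_CERTS = [["*.dev.example.com"], ["vpn.example.com"]]
SAMPLE_HOSTS = ["foo.dev.example.com", "vpn.example.com", "a.b.dev.example.com"]

if __name__ == "__main__":
    for key, value in ct_exposure(SAMPLE_CERTS, SAMPLE_HOSTS).items():
        print(f"{key}: {value}")
```

Hosts reported as `uncovered` are the ones that would need an additional certificate, and therefore an additional logged name, to be served over TLS.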



