Hacker News new | past | comments | ask | show | jobs | submit login

I like the idea of a bare IP address instead of relying on DNS at all, but that seems to prevent use of HTTPS.



Technically speaking, HTTPS can work with IP addresses --- the certificate just has to be issued for the IP.

But for SciHub, HTTPS is another point of censorship: the CA could simply revoke the certificate, making people believe that the site is insecure.


There's nothing stopping them from releasing their own root CA or their users accepting a self-signed cert. A pain in the ass, absolutely, but not insurmountable.


>that seems to prevent use of HTTPS.

notable counter-example: https://1.1.1.1/

it doesn't work for internet explorer though.


Interesting. It appears to be kept in an extension, the regular CN field is for .cloudflare-dns.com:

Not Critical DNS Name: .cloudflare-dns.com IP Address: 1.1.1.1 IP Address: 1.0.0.1 DNS Name: cloudflare-dns.com IP Address: 2606:4700:4700::1111 IP Address: 2606:4700:4700::1001


I'm surprised a CA would sign a certificate for that, but OK.


They do, but you probably have to pay for the plan that includes manual checking. Works for IPv6 too: https://[2606:4700:4700::1111]/




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: