
Adding a local CA means you can middleman anything you want to. Seems like something that should be difficult to do, to me.


Name constraints are a thing. Local CA should be constrained to signing only local names (roughly matching DHCP domain-name/domain-search options).


Name constraints are not universally supported in browsers, sadly.


And this should be fixed. Name constraints would be incredibly useful for a number of things, if only they were supported.


I believe Apple is the holdout in this case, meaning Safari and Chrome on macOS don't support it.
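
How a validator that enforces name constraints decides whether a leaf name falls inside a constrained local CA, as an added example that is not part of the thread. It sketches the RFC 5280 dNSName matching rule; the function names and the `home.arpa` constraint values are assumptions chosen for illustration.

```python
# Added example: RFC 5280 dNSName name-constraint matching (section 4.2.1.10).
# Constraint values and host names used with it are constructed samples.

def _labels(name):
    """Lower-case a DNS name and split it into labels, dropping a trailing dot."""
    return name.lower().rstrip(".").split(".")

def within_subtree(name, constraint):
    """True if `name` equals `constraint` or adds labels to its left-hand side."""
    if constraint == "":
        return True  # an empty dNSName constraint matches every DNS name
    # Assumption: a leading dot means "subdomains only", as some validators
    # treat it; RFC 5280 does not define that form for dNSName.
    subdomains_only = constraint.startswith(".")
    c = _labels(constraint.lstrip("."))
    n = _labels(name)
    # Compare whole labels, so "nothome.arpa" is not inside "home.arpa".
    if len(n) < len(c) or n[-len(c):] != c:
        return False
    return len(n) > len(c) if subdomains_only else True

def name_allowed(name, permitted, excluded):
    """Apply one CA's dNSName constraints to one subjectAltName DNS entry."""
    if any(within_subtree(name, e) for e in excluded):
        return False  # excluded subtrees win over permitted ones
    if permitted:
        return any(within_subtree(name, p) for p in permitted)
    return True  # no permitted dNSName subtrees means no restriction

def check_leaf(san_dns_names, permitted, excluded):
    """Return the SAN entries that violate the constraints (empty list = OK)."""
    return [n for n in san_dns_names if not name_allowed(n, permitted, excluded)]

if __name__ == "__main__":
    permitted = ["home.arpa"]        # constructed: local names only
    excluded = ["guest.home.arpa"]   # constructed: carve-out inside the subtree
    for host in ["nas.home.arpa", "nothome.arpa", "www.example.com",
                 "tv.guest.home.arpa"]:
        print(host, name_allowed(host, permitted, excluded))
```

A client that ignores the extension skips this check entirely, which is why a constrained local CA only limits interception on platforms that enforce it.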



