[LeonM]

> The cert is meaningless if there’s nowhere for the traffic to route.

The cert has a meaning: it reveals your intent to do something with it.

I.e. if apple was to buy a cert for car.apple.com before they announce a car, that could be bad for them.

[koolba]

That’s fair point for giving intent if there’s a human facing name for the DNS entry. I was referring to the security implications of having a public endpoint exposed, or more accurately not being exposed because there’s no way to route traffic to it.