Hacker News new | ask | show | jobs
by lxgr 1054 days ago
This is neat!

However, given that allowing private IP resolution from a public DNS subdomain facilitates DNS rebinding attacks, it (and all equivalent approaches) will unfortunately be blocked by quite a few of the more sophisticated home routers out there, including a quite common brand in Germany.

Also, doesn't publishing a privkey for a public TLS certificate theoretically require it to be revoked under common browser CA standards...? Let's Encrypt seems to support it, at least: https://letsencrypt.org/docs/revoking/#using-the-certificate...
1 comments
8organicbits 1054 days ago
The certificate is revoked, your browser must not be checking for revocation. Browser support for revocation is pretty poor, unfortunately.

https://crt.sh/?id=9497801989&opt=ocsp

link
lxgr 1054 days ago
Hm, are these automatically revoked then as part of the service, or did somebody just revoke it?

Update: Seems to have just happened – after restarting, Firefox now does not accept it anymore!

link