Hacker News new | ask | show | jobs
by cryptonector 468 days ago
DANE would help here: register a harmless sounding domainname whose name leaks nothing, use DNSSEC and NSEC3, and host your hidden service in a sub-domain whose name is a 63 byte long string of randomly selected ASCII characters. But this isn't really an option.
1 comments
Dylan16807 468 days ago
Why the DNSSEC, which then requires NSEC3? Shouldn't a wildcard certificate do the job in conjunction with normal unsigned DNS?
link