Hacker News

alibarber today at 6:04 PM (3 replies)

Also I don't see the point of what TLS is supposed to solve here? If you and I (and everyone else) can legitimately get a certificate for 10.0.0.1, then what are you proving exactly over using a self-signed cert?

There would be no way of determining that I am connecting to my-organisation's 10.0.0.1 and not bad-org's 10.0.0.1.


Replies

londons_explore today at 6:29 PM

Perhaps by providing some identifier in the URL?

i.e. https://10.0.0.1(af81afa8394fd7aa)/index.htm

The identifier would be generated by the certificate authority upon your first request for a certificate, and every time you renew you get to keep the same one.

Latty today at 7:17 PM

This is assuming NAT, with IPv6 you should be able to have globally unique IPs. (Not unique to IPv6 in theory, of course, but in practice almost no one these days is giving LAN devices public IPv4s).

cpach today at 6:44 PM

A public CA won’t give you a cert for 10.0.0.1
