
The big issue with encrypted HTTP on the local LAN is that you’re stuck running a certificate authority, ignoring TLS validation, or exposing parts of your network in the name of transparency.

Running a certificate authority is one of those “a minute to learn, a lifetime to master” scenarios.

You are often trading a “people can sniff my network” scenario for a “compromise the CA someone set up 10 years ago that we don’t touch” scenario.



I agree that setting up a self-signed CA is hard, and harder to keep going.

However, the DNS challenge allows you to map an internal address to an IP number. The only real information that leaks is the subnet address of my LAN. And given the choice of that or unencrypted traffic, I'll take that all day long.



