logoalt Hacker News

cobertostoday at 3:38 PM1 replyview on HN

Why not just map the domain to an internal IP and call it a day? Then the only way it can be accessed is through a VPN. Then use a wildcard so none of leaks into cert transparency logs


Replies

throw0101dtoday at 3:48 PM

> Then use a wildcard so none of leaks into cert transparency logs

You now also have to build infrastructure to distribute the wildcard from (presumably) central place where you generate it to all the different places where it is desired.

And hope the wildcard's private key does not leak from one of myriad of places it now lives.

show 2 replies