logoalt Hacker News

nijavetoday at 5:04 PM3 repliesview on HN

On k8s, there's cert-manager but also you need k8s...

Most browsers support trust on first use for leaf certs


Replies

zufallsheldtoday at 6:55 PM

Well, if your cert-manager distributes its own CA, you'd still need the clients to trust the CA, even in k8s.

jmbwelltoday at 5:08 PM

I guess I mean treat it as a clear first class feature. Right now most browsers treat it as an arcane error. I’m thinking more “This is the first time you’re connecting to this site. Do you trust it?”

And later if something changes, then they can do the whole DOING SOMETHING NASTY! thing, which is effectively the experience today

notTooFarGonetoday at 5:50 PM

Firefox now started that you can't even go on the page on some occasions.

Using a browser in an air gapped environment is so much more pain than it should be.