I think the idea is each device has its own FQDN, and gets its own certificates. Thus, breaking open your router only gets you "your" private key; they'd all be different. Buying one on eBay might be risky, but if you buy sketchy network hardware on eBay you're at risk in so many ways already...
You can't do this with Let's Encrypt out of the box (unless you make small numbers of bespoke devices) because of their Rate Limits. But several commercial public CAs like Comodo would probably be interested in cutting a deal with a big electronics manufacturer or a trade group.
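As an added illustration of the per-device scheme described in the comment above (example code, not from the commenter or any vendor), the following provisioning script generates a fresh private key on each device and emits a CSR for that device's own FQDN, so only the CSR ever leaves the unit and a compromised router yields only its own key. It assumes a hypothetical vendor-owned zone `devices.example.com`, a unique per-device serial, and an `openssl` binary (1.1.1 or later, for `-addext`) on the device or provisioning station; the serials used in the demo are made up.

```shell
#!/bin/sh
# Added example, not code from the original comment. Assumptions: the vendor
# controls the zone below (hypothetical), every device has a unique serial,
# and openssl >= 1.1.1 is available where the key is generated.
set -eu

DEVICE_ZONE="devices.example.com"   # hypothetical vendor-owned zone

# make_device_csr SERIAL OUTDIR
# Generates an EC P-256 private key in OUTDIR and a CSR whose CN and DNS SAN
# are the device's own FQDN (<serial>.<zone>). The key stays where it is
# generated; only device.csr is sent to the CA. Prints the FQDN requested.
make_device_csr() {
    serial="$1"; outdir="$2"
    fqdn="${serial}.${DEVICE_ZONE}"
    mkdir -p "$outdir"
    openssl ecparam -name prime256v1 -genkey -noout -out "$outdir/device.key" 2>/dev/null
    chmod 600 "$outdir/device.key"
    openssl req -new -key "$outdir/device.key" -out "$outdir/device.csr" \
        -subj "/CN=${fqdn}" -addext "subjectAltName=DNS:${fqdn}" 2>/dev/null
    printf '%s\n' "$fqdn"
}

# csr_fqdn CSRFILE
# Prints the first DNS SAN in the CSR, i.e. the name the CA will issue for.
# A CA-side check would compare this against the serial it expects.
csr_fqdn() {
    openssl req -in "$1" -noout -text 2>/dev/null \
        | sed -n 's/^ *DNS:\([^,]*\).*/\1/p' | head -n 1
}

# key_fingerprint KEYFILE
# SHA-256 over the DER-encoded public key, so two devices' keys can be
# compared for uniqueness without handling private material.
key_fingerprint() {
    openssl pkey -in "$1" -pubout -outform DER 2>/dev/null \
        | openssl dgst -sha256 | awk '{print $NF}'
}

# Demo: provision two hypothetical devices and show that their keys differ.
demo_dir=$(mktemp -d)
for sn in SN0001 SN0002; do
    name=$(make_device_csr "$sn" "$demo_dir/$sn")
    printf '%s  san=%s  pubkey=%s\n' "$sn" "$(csr_fqdn "$demo_dir/$sn/device.csr")" \
        "$(key_fingerprint "$demo_dir/$sn/device.key")"
done
rm -rf "$demo_dir"
```

Note that the CA still has to validate control of each name (for Let's Encrypt that means one ACME challenge per device, which is exactly where the rate limits bite), and the zone operator has to publish a record per device; the script only covers the on-device half.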