undefined | Better HN

0 pointskuschku6y ago0 comments

What's with domains such as blubb.mysystem.local or foo.invalid?

.invalid and .local are reserved domains and guaranteed to never be in use on the public internet - yet I can't get certificates for them

0 comments

zurn6y ago

If you could get certificates for them, so could anyone else including your adversaries, since there is no system of ownership for them. It would be like issuing certs for https://192.168.1.1

kuschkuOP6y ago

Actually that's why browsers already treat http://127.0.0.1/ and certain other local IPs as if it was via https.

For all local IP and domain space - that is 192.168/16, 10/8 and so on - it should automatically treat them as if they were safe anyway.

zurn6y ago

They're likely be part of a cafe/hotel/guest wlan or a poorly managed "intranet" full of vulnerable stuff that needs to be shielded from CSRF. That's in addition to having ambiguous addresses. So should definitely be treated as less safe.

j / k navigate · click thread line to collapse

0 comments

zurn6y ago

If you could get certificates for them, so could anyone else including your adversaries, since there is no system of ownership for them. It would be like issuing certs for https://192.168.1.1

kuschkuOP6y ago

Actually that's why browsers already treat http://127.0.0.1/ and certain other local IPs as if it was via https.

For all local IP and domain space - that is 192.168/16, 10/8 and so on - it should automatically treat them as if they were safe anyway.

zurn6y ago

j / k navigate · click thread line to collapse