undefined | Better HN

0 pointsmakeitdouble4y ago0 comments

I am in agreement with wyager, this feature looks like it could be heavily beneficial to a shipping company's internal web app for instance, or other applications that could be running completely isolated from the global network (or running on the machine itself for that matter).

Forcing https in these applications is a waste of time and money for orthogonal purposes. I guess it could be seen as a cost of dev. for any web based application from now on, but it's sad to me to see the barrier to entry get higher for these reasons.

0 comments

jupp0r4y ago

If it's cheaper for you to run an http than an https server then you are holding it wrong.

arjvik4y ago

Internal domains, where getting a certificate to client devices is painful

jonhohle4y ago

I've had the same issue, but mostly for home lab type stuff. Even if you set up an internal CA and all the trappings, you still have a root cert problem. For consumer devices without easy access to certificate stores, it gets complicated fast.

Maybe the state of the art has changed since the last time I looked, but it would be really nice to have something as easy as Lets Encrypt for private tools while at the same time not exposing internal network details.

cloudwizard4y ago

It works in secure contexts. internal domains with .localhost name are considered secure.

https://developer.mozilla.org/en-US/docs/Web/Security/Secure... Locally-delivered resources such as those with http://127.0.0.1 URLs, http://localhost and http://*.localhost URLs (e.g. http://dev.whatever.localhost/), and file:// URLs are also considered to have been delivered securely.

1 more reply

hhh4y ago

External wildcard cert? Maybe it’s different in smaller shops, but it’s just as easy for me to get an internal cert as it is to get an external cert. Only annoying part about our shop is a hard req fit EV certs, so no ACME.

pests4y ago

You can use a public CA like LetsEncrypt then. Exposes you to the certificate log but you should be secured already anyways. Just have to use the DNS challenge (unless you wanna poke a hole for certbot) to grab it

2 more replies

makeitdoubleOP4y ago

> you are holding it wrong.

For those whooshed by the reference, it's about the iPhone's antenna design flaw that Jobs poopooed on stage, to silently get it fixed on the next version.

It seems we're agreeing it's an actual issue that would merit to be fixed.

j / k navigate · click thread line to collapse