 |
Post AvXAn9lKCNOQjDjn84 by [email protected] |
 |
More posts by [email protected] |
|
Post #AvUlehxwm6Xt24b2ae by [email protected] |
|
0 likes, 2 repeats |
|
|
|
Buckle up: IP address SANs coming to to LetsEncrypt: https://community.letsencr… |
|
|
|
Post #AvUo5WyHxa1Gf1fqro by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@mttaggart My Captain America "language filter" will not let me respo… |
|
|
|
Post #AvUo5X51YXPIzupEMi by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@hrbrmstr At least it's just for SANs, not CNs?? |
|
|
|
Post #AvUpOmjbg1lb0PYGQq by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@mttaggart @hrbrmstr does it matter? I mean CN is not a part of validation, so … |
|
|
|
Post #AvUpTh0oNeA0hnwISG by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@pft @hrbrmstr It matters for attackers who don't want to be bothered setti… |
|
|
|
Post #AvUpxtsl5tcfJDZoRM by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@mttaggart @hrbrmstr I'm a bit confused. What happens if you have an IP add… |
|
|
|
Post #AvUqAD6dRj5GPCwAV6 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@pft @hrbrmstr Think about how you get a LetsEncrypt certificate. They do not s… |
|
|
|
Post #AvUqJVuAvAxbJeXrge by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@mttaggart @hrbrmstr I just don't understand the security implication even … |
|
|
|
Post #AvUqmGn4CDhYpvvreK by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@mttaggart Modern browsers and applications validate against SAN first, then f… |
|
|
|
Post #AvUqmGt5poWR8ckg2i by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@hrbrmstr Fair point |
|
|
|
Post #AvUqndzPQb514pMQBk by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@pft @hrbrmstr Yeah nevermind I guess |
|
|
|
Post #AvUrckYMmdPeCe54VM by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@mttaggart @hrbrmstr s/nevermind/i don't know/ |
|
|
|
Post #AvUrlQsVIxBtmtdkaO by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@pft @hrbrmstr I didn't particularly feel like going 12 rounds with a stran… |
|
|
|
Post #AvUsxqPIJZNsORSZdo by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@hrbrmstr do they? There is even an ancient RFC that explicitly advises against… |
|
|
|
Post #AvUvG7jqoa6xGbv2qO by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@hrbrmstr @mttaggart They're putting ip addresses as DNS SAN? Ugh. |
|
|
|
Post #AvWjeGUh6SgMEoUip6 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@mttaggart I just wish they'd stop enabling attacker more than they enable … |
|
|
|
Post #AvX42HRtCevXESuZIO by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@FritzAdalis @hrbrmstr @mttaggart SANs have types; LE’s IP address certs will… |
|
|
|
Post #AvX5Dc40zuZsJ9iCrg by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@jrenken @hrbrmstr @mttaggart So the DNS SAN will not contain the IP address?(I… |
|
|
|
Post #AvXAn9lKCNOQjDjn84 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@FritzAdalis @hrbrmstr @mttaggart Yes, that’s correct, the DNS type SANs will… |
