
Networks which use the private network address blocks are not necessarily trusted networks (consider open Wi-Fi hotspots). Also, private networks do not necessarily use private network address blocks—intranets frequently use publicly-routable IP addresses where possible, as it simplifies linking physically distinct intranets. With IPv6 eliminating the scarcity of public addresses we can expect this to become much more common, even among home users.



If you're using a publicly-routable IP address why not use a publicly-routable hostname and get a certificate for it?


The fact that the IP address is publicly routable does not imply that the server is actually reachable from the public Internet—that depends on the firewall.

You can associate public hostnames with private-range IP addresses as well, and obtain certificates for them. The main point was that the use of private, non-routable IP addresses does not imply that the network is trusted, and thus is not sufficient reason to exempt the server from securely identifying itself.


Yeah, that is a fair point.



