It might be interesting for "opportunistic" DoTLS towards authdns servers, which... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ff317 3 months ago \| parent \| context \| favorite \| on: Getting ready to issue IP address certificates It might be interesting for "opportunistic" DoTLS towards authdns servers, which might listen on the DoTLS port with a cert containing a SAN that matches the public IP of the authdns server. (You can do this now with authdns server hostnames, but there could be many varied names for one public authdns IP, and this kinda ties things together more-clearly and directly).

jeroenhd 3 months ago [–]

It might also he useful to hide the SNI in HTTPS requests. With the current status of ESNI/ECH you need some kind of proxy domain, but for small servers that only host a few sites, every domain may be identifiable (as opposed to, say, a generic Cloudflare certificate or a generic Azure certificate).

Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact