| ▲ | cobertos 2 hours ago | |||||||||||||
Why not just map the domain to an internal IP and call it a day? Then the only way it can be accessed is through a VPN. Then use a wildcard so none of leaks into cert transparency logs | ||||||||||||||
| ▲ | throw0101d 2 hours ago | parent [-] | |||||||||||||
> Then use a wildcard so none of leaks into cert transparency logs You now also have to build infrastructure to distribute the wildcard from (presumably) central place where you generate it to all the different places where it is desired. And hope the wildcard's private key does not leak from one of myriad of places it now lives. | ||||||||||||||
| ||||||||||||||