Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Have you tried that with various devices these days? It's getting increasingly difficult to convince various mobile OSes to accept internal root CAs (largely for good reasons, but that's a different discussion).

> you need to leverage the existing public infrastructure, which doesn't give it away as a free beer but sells it.

No, it's the opposite these days. The existing PKI these days is free (Letsencrypt and others), but getting a public domain that any browser-acceptable CA will issue certificates for isn't. Your domain registration/renewal fees don't pay for that PKI.

I think it's urgently needed for browser vendors, the IETF etc. to get together and figure out a solution for accessing "mymediocreiotdevice.home" without a barrage of "zomg no HTTPS!!", "zomg self-signed cert!" etc. warnings, as these will only desensitize users further to actual problems on publicly-accessible sites.



>No, it's the opposite these days

This is what I said in the first place - public DNS is not free. The costs to get in range but the minimal isn't that much ($5/year to be precise), so the question is between any amount at and no at all.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: