惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Threatpost
aimingoo的专栏
aimingoo的专栏
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
T
Tailwind CSS Blog
J
Java Code Geeks
博客园_首页
Google Online Security Blog
Google Online Security Blog
Hugging Face - Blog
Hugging Face - Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
I
Intezer
P
Palo Alto Networks Blog
V
Vulnerabilities – Threatpost
雷峰网
雷峰网
O
OpenAI News
SecWiki News
SecWiki News
小众软件
小众软件
酷 壳 – CoolShell
酷 壳 – CoolShell
美团技术团队
N
News | PayPal Newsroom
Project Zero
Project Zero
Forbes - Security
Forbes - Security
IT之家
IT之家
A
Arctic Wolf
WordPress大学
WordPress大学
Jina AI
Jina AI
T
Tor Project blog
博客园 - 三生石上(FineUI控件)
S
Secure Thoughts
Google DeepMind News
Google DeepMind News
Attack and Defense Labs
Attack and Defense Labs
博客园 - 聂微东
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
P
Privacy International News Feed
Cloudbric
Cloudbric
G
GRAHAM CLULEY
博客园 - 叶小钗
H
Hacker News: Front Page
腾讯CDC
量子位
Help Net Security
Help Net Security
人人都是产品经理
人人都是产品经理
C
Cyber Attacks, Cyber Crime and Cyber Security
月光博客
月光博客
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
宝玉的分享
宝玉的分享
爱范儿
爱范儿
L
Lohrmann on Cybersecurity
Hacker News - Newest:
Hacker News - Newest: "LLM"
Recorded Future
Recorded Future
C
CERT Recently Published Vulnerability Notes

LWN.net comments

tcmalloc's weird hack [LWN.net] Fixed? [LWN.net] mpd [LWN.net] Userspace AX.25 [LWN.net] RIP [LWN.net] My two cents... [LWN.net] pipx [LWN.net] Tragedy [LWN.net] A young man destined for glory [LWN.net] And 'less' won't let you search [LWN.net] A great loss [LWN.net] Sad and shocking news [LWN.net] Easy migration from Clementine [LWN.net] Sad coincidence [LWN.net] GNOME is actually usable thanks to Seth et al [LWN.net] Sad news :( [LWN.net] armhf supports preempt_rt [LWN.net] MusicBrainz accurracy [LWN.net] On open source maintainership [LWN.net] Let's stop here [LWN.net] Not a new thing [LWN.net] uv is indeed great pgmoneta Some comments on this on a Postgres blog feed [LWN.net] uv [LWN.net] going to Debian [LWN.net] Upgrading 64-bit-capable systems to 64-bit kernels? [LWN.net] Free Software foundations Maintainers can wait for code review but not for publish review? A reasonably extreme point of view [LWN.net] Maintaining old code Varieties of filesystems and schedulers, so why not for IPC mechanisms too? [LWN.net] AI and documentation [LWN.net] Delegating the work to a subsidiary [LWN.net] Maybe they should provide their reviews to the world [LWN.net] Something can be a bug but not a vulnerability [LWN.net] History is a little backwards ... [LWN.net] A reasonably extreme point of view [LWN.net] Let’s stop here [LWN.net] authd [LWN.net] Suggestion for bug report [LWN.net] Software pain points for long-term equipment [LWN.net] Wrong direction [LWN.net] mjg59 has lost the plot there [LWN.net] Role of German law in this? [LWN.net] Without beer? [LWN.net] Feels soul destroying [LWN.net] No zswap in Debian cloud kernel [LWN.net] No Beer?!? [LWN.net] The other fam [LWN.net] Thank you Andrew [LWN.net] Brave! [LWN.net] I second the cost factor [LWN.net] cassandra [LWN.net] Proprietary tools [LWN.net] familiar [LWN.net] ... is also staging. [LWN.net] Python package managers [LWN.net] Pour one out for AX.25... [LWN.net] tun/tap? [LWN.net] Another article at gnulinux.ch [LWN.net] Transitive checks [LWN.net] Just execute from stdin [LWN.net] Cross-compile Vacation [LWN.net] Concrete steps toward RFC 3550 (new Range types) You can rip with Windows apps too! Have the tempfile issues raised in the release notes been fixed? onlyoffice tried to add stuff in the fine print, and failed Work w/o publication is not science Removing art like offensive fortunes is a mistake. [LWN.net] De-googling (was Wtf) [LWN.net] I liked pdfmark [LWN.net] Juice then tag [LWN.net] why did PREEMPT_LAZY caused more preemptions than PREEMPT_NONE with THP disabled? [LWN.net] x86-64 was first introduced in 2003 [LWN.net] no memory safety? [LWN.net] False positive identification rate [LWN.net] "Defensive" AI use [LWN.net] LTS release? [LWN.net] ironic (ugly, good) [LWN.net] Moving away from LLVM [LWN.net] ironic (ugly, good) [LWN.net] Abandoning vim(1) ASAP [LWN.net] "Picard" naming [LWN.net] circular reasoning is a potential source of unsoundness [LWN.net] Nice to see an update [LWN.net] Writable THPs [LWN.net] Whole network messages [LWN.net] I'll fix my code ... [LWN.net] Can also recommend beets [LWN.net] Jack the CD ripper [LWN.net] How about the bad CDs? [LWN.net] systemd-boot [LWN.net] Significant raise of reports [LWN.net] IMO, it's appropriate [LWN.net] How about the bad CDs? [LWN.net] Update to include Part 4? [LWN.net] Pandoc also is invauable for a cheap-and-dirty retrieval augmented generation. [LWN.net] Whole network messages [LWN.net]
HTTPS on internal networks (was Industry standard) [LWN.net]
kleptog · 2026-06-15 · via LWN.net comments

HTTPS on internal networks (was Industry standard)

Posted Jun 15, 2026 8:37 UTC (Mon) by kleptog (subscriber, #1183)
In reply to: HTTPS on internal networks (was Industry standard) by taladar
Parent article: Larson: Are insecure code completions a vulnerability?

> But you can just use DNS-01 validation for non-wildcard certificates.

Sure, but then you need to arrange connectivity between the servers in question and the DNS authoritative server (as opposed to the DNS server it normally talks to). Which is certainly possible but Yet Another Things That Can break. You're only going to notice it's broken a month after it breaks. Unless you add monitoring on that too.

It's a cost/benefit thing: does the benefit of a having a proper certificate outweigh with the extra costs over just creating a 10-year self-signed cert and calling it a day.

I thinks it's just a matter of time. Nginx is getting ACME support built-in. You can apparently host your own ACME server internally. The issue of having all your internal systems appear in Certificate Transparency is annoying. Sysadmins need to get used to automatically generating internal certificates and monitoring that. If the costs go down far enough it will happen.