Hacker News new | past | comments | ask | show | jobs | submit login

That occurred to me too. But HTTP/1.1 requires a Host: header. It also brings a problem of key distribution.

The other technique that might be useful to register lots and lots of obscure domain names and rotate them regularly. Might cost a bit in SSL certs.




> That occurred to me too. But HTTP/1.1 requires a Host: header.

Yes, but that’s easily forgeable as long as the servers in between allow it.

> It also brings a problem of key distribution.

Not really, you can still do chain of trust SSL validation on a payload in the body of HTTP as you could to encrypt the entire HTTP connection as in the case of HTTPS.

> Might cost a bit in SSL certs.

LetsEncrypt could help there.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: