Discussion · bonfire.cafe

@beardedtechguy So “people would notice a link to mybank.com going to hahapwned.com but not to 89.72.4.2?”

People are more likely, not less, to smell something fishy if they see a random string of digits when they expect the name of a site they trust.

If this is the only argument against certificates for IP addresses, I think we’re good.

Farshid Hakimy / فرشید

@farshidhakimy@chaos.social · 3 weeks ago

@aral @beardedtechguy
also it's not like this is something new. I am pretty sure Cloudflare has a certificate for https://1.1.1.1 even if it redirects to a domain.
And even without LE there are other CAs offering certificates for IP addresses.

CybersecKyle

@beardedtechguy@infosec.exchange · 3 weeks ago

@aral Great point — and I agree that most users would be suspicious if they saw an IP address like 89.72.4.2 instead of a familiar domain like mybank.com. The concern raised in the article, though, was more about scenarios where users don’t see the link clearly — such as in emails, PDFs, or messaging apps where URLs may be masked behind anchor text or shortened links. For example, a phishing email might show a link that says “View Invoice” but actually points to https://203.0.113.10/login.

Experienced users like you and I know to hover over links, check certificate info, or inspect the address bar. But many users don’t do that — or worse, they click links without verifying anything. According to the Verizon DBIR and other phishing studies, this is still one of the top attack vectors today.

Also, I don’t think the article was arguing against IP certs outright — just highlighting that, like with any new capability, there's potential for abuse that the broader public (and infosec community) should be aware of.

#CyberSecurity #Phishing #DigitalTrust #TLS

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.0-rc.2.3 no JS en

Automatic federation enabled