#Tag · bonfire.cafe

Am I really the only one who uses 24hrs long living certificates which get automatically renewed and signed by an own CA via ACME?

#ssl #tls #dane #acme #certificate #certificateauthority #ca

gyptazy

@gyptazy@mastodon.gyptazy.com · last week

Am I really the only one who uses 24hrs long living certificates which get automatically renewed and signed by an own CA via ACME?

#ssl #tls #dane #acme #certificate #certificateauthority #ca

Aral Balkan

@aral@mastodon.ar.al · last month

@beardedtechguy So “people would notice a link to mybank.com going to hahapwned.com but not to 89.72.4.2?”

People are more likely, not less, to smell something fishy if they see a random string of digits when they expect the name of a site they trust.

If this is the only argument against certificates for IP addresses, I think we’re good.

CybersecKyle

@beardedtechguy@infosec.exchange replied · last month

@aral Great point — and I agree that most users would be suspicious if they saw an IP address like 89.72.4.2 instead of a familiar domain like mybank.com. The concern raised in the article, though, was more about scenarios where users don’t see the link clearly — such as in emails, PDFs, or messaging apps where URLs may be masked behind anchor text or shortened links. For example, a phishing email might show a link that says “View Invoice” but actually points to https://203.0.113.10/login.

Experienced users like you and I know to hover over links, check certificate info, or inspect the address bar. But many users don’t do that — or worse, they click links without verifying anything. According to the Verizon DBIR and other phishing studies, this is still one of the top attack vectors today.

Also, I don’t think the article was arguing against IP certs outright — just highlighting that, like with any new capability, there's potential for abuse that the broader public (and infosec community) should be aware of.

#CyberSecurity #Phishing #DigitalTrust #TLS