Replying to Avatar cipres

This is absolutely awesome, great work. The automatic installation of certificates in the system's trust store is nice. So if you disable the automatic cert install (auto_install: false), nodns-server will be able to resolve the record (using the 111111 events) but the cert won't be trusted so the browser will complain and you'd have to manually trust it ?
Avatar
Arjen 3mo ago

Correct. In the current state of the code automatically inserting the certificate is still VERY risky because I haven't implemented certificate security checks yet.

If the checks are not in place. any [npub].nostr could publish a self-signed certificate with *.google.com and your system would trust it. Allowing a MITM attack.

Just be aware of this when testing. It's very experimental.

Reply to this note

Please Login to reply.

Discussion

No replies yet.