Replying to 5dcd8ebc...

"you can definitely do CA on the IP level and not in the domain level" - doesn't help with cabal certs. It's better to use a mesh ipv6 vpn and skip the redundant TLS layer. Non-cabal certs require another browser extension (and standard metadata for apps to know when to veto a cabal CA signature).
Avatar
Vitor Pamplona 2y ago

I have not tested self certificates, but it could work in native (user can choose to trust). I am not sure about web clients, though.

Reply to this note

Please Login to reply.

Discussion

5d
5dcd8ebc... 2y ago

Browsers let you add your own CAs, no problem. What they DON'T do is provide a way to NOT trust a CA for all domains.