With Encrypted Client Hello you can have some more privacy on obtaining certificates for wildcard domains, IIRC.
Comment on You Should Run a Certificate Transparency Log
Moonrise2473@feddit.it 6 days agoBut your endpoints are already available to everyone with just a nslookup.
Maybe it’s more the permanent history of that, so if you run something like “radarr.example.com” then you wouldn’t have plausible deniability if you’re sued and the CT logs are presented as proof of your wrongdoing
xinayder@infosec.pub 6 days ago
Orygin@sh.itjust.works 6 days ago
Not if you run a wildcard CNAME for your sub domains right ?
Like I have *.mydomain.com point to my server, and there I have a different reverse proxy depending on the domain.
towerful@programming.dev 6 days ago
Not if you use wildcard dns records.