Comment on Is they're an easy way to make my Jellyfin accessible outside of my home network
quick_snail@feddit.nl 2 days ago Security. X.509 is trash. Onion Services have a much better auth for both client and server
Comment on Is they're an easy way to make my Jellyfin accessible outside of my home network
quick_snail@feddit.nl 2 days ago Security. X.509 is trash. Onion Services have a much better auth for both client and server
helix@feddit.org 1 day ago
What benefit does that give you for media viewing?
What exactly about X.509 is trash for that use case?
CAs and their subordinate certs have a long history of loosing control of their private keys to attackers.
And also many State-sponsored cyber mercenaries have been given certs in the root stores.
Onion Services fix this by using a single pinned cert.