"Dangling DNS entries" - How can any CloudFront distribution receive the traffic for a domain if its dns is not pointing to the right http://xxxx.cloudfront.net ? This is the problem you should fix. Doing checks across all accounts for a given AlternateName adds way more friction.
-
-
-
CloudFront also offers dedicates IP ranges as a feature too https://aws.amazon.com/cloudfront/custom-ssl-domains/ … . For customers of that feature we do what you're describing. But otherwise, CloudFront never "sees" the xxxx, CNAMEs are resolved remotely and not visible to CloudFront.
End of conversation
New conversation -
-
-
Any who are: feel free to talk to me! ... also let's work on encrypted SNI.
-
... and tls 1.3 plans deployment plans... :)
- 1 more reply
New conversation -
-
-
Google just did this too: https://www.theverge.com/2018/4/18/17253784/google-domain-fronting-discontinued-signal-tor-vpn … Though there were some privacy benefits, I'm pleased with these decisions overall given domain fronting use by targeted attackers and how hard it is to detect. (we ran into
#APT29 doing this in 2014)@cglyer@matthewdunwoodyThanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Great idea, even better move but too bad there’s still a ton of other options out there.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
This is awesome
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.