Project ideas from Hacker News discussions.

The difficulty of making sure your website is broken

📝 Discussion Summary

Prevalent Themes

| # | Theme | Supporting quote |
|---|-------|------------------|
| 1 | HTTP’s simplicity and decentralized nature vs. TLS complexities | “Meanwhile HTTP keeps working just fine and is decentralized.” — bullen |
| 2 | The necessity of adding your own cryptographic layer and the trust barrier it creates | “Just “add your own crypto” on top, which is the ONLY thing a sane person would do.” — bullen |
| 3 | Inconsistent revocation handling across browsers, making certificate‑revocation testing unreliable | “Vanadium, Chrome and Firefox (all for Android) all accept all the revoked certificates... But revoked.badssl.com is considered revoked.” — lifis |


🚀 Project Ideas

RevocationGuard Chrome Extension

Summary

  • Detects and flags websites that serve revoked TLS certificates, addressing Chrome’s inconsistent revocation handling.
  • Provides real‑time warnings and a simple toggle to enforce strict revocation checks for power users.

Details

| Key | Value |
|-----|-------|
| Target Audience | Security‑focused developers, privacy advocates, and hobbyist testers |
| Core Feature | Automatic revocation check with visual alerts and optional “strict mode” |
| Tech Stack | Chrome Extension API, WebExtension, JavaScript, Manifest V3 |
| Difficulty | Medium |
| Monetization | Revenue-ready: freemium (premium features via Patreon or one‑time license) |

Notes

  • HN commenters highlighted Chrome’s lack of proper revocation checks; this extension fills that gap.
  • Could spark discussion on standardizing revocation behavior across browsers.

RevCheck.io API for Mandatory Revocation Validation

Summary

  • Offers a reliable, standards‑compliant revocation validation service that forces browsers to respect revocation status.
  • Enables developers to test and debug TLS revocation issues without relying on buggy browsers.

Details

| Key | Value |
|-----|-------|
| Target Audience | DevOps engineers, API integrators, and security testers |
| Core Feature | RESTful endpoint that returns revocation status using OCSP/CRL checks and enforces strict validation |
| Tech Stack | Node.js/Express, PostgreSQL, Docker, OpenSSL, Cloudflare Workers |
| Difficulty | Low |
| Monetization | Revenue-ready: tiered pricing (free tier, $19/mo Pro, $99/mo Enterprise) |

Notes

  • Directly addresses the frustration expressed about browsers silently accepting revoked certs.
  • Potential for widespread adoption in CI pipelines and security audits.

NetworkFuzz CLI for Simulating Bad Networks & TLS Failures

Summary

  • A lightweight command‑line tool to emulate poor network conditions, revoked certs, and other TLS failures for reproducible testing.
  • Solves the problem of “crappy network” simulation that currently requires expensive hardware or complex setups.

Details

| Key | Value |
|-----|-------|
| Target Audience | QA engineers, embedded developers, and hobbyist testers |
| Core Feature | Modular proxy that injects latency, packet loss, revocation errors, and TLS handshake failures |
| Tech Stack | Go, gVisor, netem, Docker Compose, Prometheus metrics |
| Difficulty | Medium |
| Monetization | Hobby |

Notes

  • HN users discussed the difficulty of reproducing bad network scenarios; this tool lowers the barrier.
  • Could become a go‑to reference for reproducible security and reliability experiments.
