Your browser tab is a device behind NAT. Watch it earn a real, publicly-trusted TLS certificate — through a relay that can never read your traffic.
No account. No install. Solve the challenge and your tab will
generate a private key, request a wildcard certificate for a real
*.snif.xyz zone, and receive one signed by a public CA — all
in a few seconds. SNIF derives your unique hostname under that zone from
the key, and the private key never leaves this page.
SNIF is an open protocol (IETF draft-zubov-snif) and Apache-2.0 software — github.com/vesvault/snif. The relay forwards SNI-routed ciphertext and terminates no TLS it can read.