|
|
|
|
|
|
by 0x0
3933 days ago
|
|
|
They can already do that, as they could temporarily hijack your NS records and buy a cert somewhere else. If you can't trust your registrar, you have bigger problems (I'd say "all is lost") On the flipside, having a registar act as the only valid CA would mean that choosing a trustworthy registrar suddenly has real value. Power users could make an educated opinion on the trustworthyness of a given domain validated CA. Domain owners could be sure they're not at risk for how in the current system, an adversarity could get a valid parallel SSL certificate from a sloppy bargain-bin CA, even if the domain owner picked the most expensive and diligent CA and registrar for themselves. |
|
|