Thanks for that response. It is well-written and transparently constructed. That said, you're reading quite a bit more agenda and polemic in TrendMicro's post than I did. Possibly because you've seen this kind of post before :)
If you can allow me a bit of proofreading, there are a few typos in the article:
[..] that said it is can be summarized as: -> lose the "is"
Maybe the then the issue is -> lose the first "the"
It had nothing to do with SSL, the attacker had full control of a subdomain and the attack would have still worked without it. -> The final "it" should presumably refer to SSL, but in this construct it refers to "control".
I say “could” because in that not everyone is aware of -> lose "in that" ?
Until all CAs are required to log all of the SSL certificates they issue into CT Logs and add are required to CAA -> Not sure of your intent here. "And CAA records are required before requesting certs"?
Also, your quotes from the original article render for me (in Firefox) as single-line textboxes with scrollbars. Maybe you can change it to force automatic wrapping?