by nly
3742 days ago
Arguably this vulnerability is serious enough to see StartSSL dropped from the trusted root store, or at least see browsers taking action to block DV certs from StartSSL issued before a certain date. It/they won't be, of course, since the whole system is a farce. I'd lament again how we still need to push DANE, but I was doing that 2 days ago here on HN[0] and I'm tired of it. Never mind, maybe the next bug we see will be in one of the other DV methods, like tricking the validator to access a http uri of your choosing rather than '/.well-known/', for instance. Or authoritative DNS poisoning.

[0] https://news.ycombinator.com/item?id=11321184
https://www.startssl.com/NewsDetails?date=20160322