Hacker News new | ask | show | jobs
by calebm 3669 days ago
If I understand it correctly, the same HTTPS certificate is used for all GitHub pages websites. So hypothetically, I could do a MITM attack and redirect a user from an HTTPS protected GitHub pages site to my malicious GitHub Pages site right? (although the url would be different... but could be similar)
1 comments
pfg 3669 days ago
You don't have access to their private key. The fact that it is the same certificate is irrelevant. Anything you can do now, you could also do if they'd use separate certificates per subdomain.
link
calebm 3669 days ago
Ya, I guess it's not a big deal.
link