Y
Hacker News
new
|
ask
|
show
|
jobs
by
cherioo
3631 days ago
Malicious DNS can request cert for the domain via e.g. let's encrypt, then it can do whatever it wants.
1 comments
jsn
3631 days ago
My understanding is that it doesn't apply at least to EV certificates. Also, the parent says that "any user who is delegating their DNS lookups to a third party", but that can't apply to such users either.
link