by iancarroll
3512 days ago
If Let's Encrypt's chain is compromised, everyone is screwed, not just your site. If _any_ trusted CA is compromised, everyone is screwed, even if they haven't issued a certificate for your site. There is no way to induce a vulnerability by using an incompetent or malicious CA, provided you generate your own, strong private key. Even issuing an MD5 or SHA-1 certificate cannot actively harm your visitors unless a second preimage attack is developed against the algorithm (in which case, again, everyone is screwed, not just you).

If OVH is doing this automatically, they're the ones generating the keys, right?