by 220 3388 days ago
Is there a risk model where you control the network enough to fake domain validation but only if the target initiates the request to Let's Encrypt?

Otherwise it doesn't matter if you use Let's Encrypt, as the attacker could just initiate the validation regardless of your CA and end up with a valid certificate (which would still fail cert pinning).

Edit: Oh I see, it's more about if DV should ever be green.