by pfg 3359 days ago
I don't know where they got the information about the certificate being issued 5 months prior to the attack, but that's not what Certificate Transparency shows. Here's the certificate that was issued on the day of the attack[1]. Let's Encrypt hasn't issued any certificates prior to that[2].

Another fun fact: It took them about a month to revoke the certificate in question. They didn't even bother revoking a second certificate[3] (valid for a subdomain). Heh, at least this will make a good example when discussing the pros of short-lived certificates.

[1]: https://crt.sh/?id=47675898

[2]: https://crt.sh/?Identity=%25.banrisul.com.br&iCAID=16418

[3]: https://crt.sh/?id=47630635