Hacker News
by
AgentME
3203 days ago
The attacker who buys a bunch of domains and legitimately owns them for a period of time wouldn't have any issue getting SSL certificates for them.
prolurker
3203 days ago
Correct, but, even if not explicitly said, the cached entries should be associated with the certificate's fingerprint and immediately discarded once the certificate expires or is changed.
rav
3203 days ago
Certificates often change for legitimate reasons, e.g. Let's Encrypt certificates, which must be changed every 3 months.
geon
3203 days ago
That would be ok.