|
|
|
|
|
|
by tialaramex
2920 days ago
|
|
|
Your parent mentioned Certificate Transparency. Under CT all the public CAs log certificates they issue, and everybody can see the logs, programmatically (with cryptographic security) or via a log monitor like crt.sh So yes, bad guys operating a TLD can trick a CA into issuing for a domain under theirs, but the CT logs would preserve evidence of this cert existing, and the CA is required to keep records of why it was confident to issue. Monitors would know about the cert in 24 hours (usually much less) |
|
|