by ploxiln 2664 days ago
> someone with control over example.github.io might have been able to get a certificate for any github.io domain

I think that, realistically, that's a lot less likely. I think the "weirdness" of the in-addr.arpa hierarchy contributed to the "manual validators" just shrugging and pushing through.

I think the main issue raised is that whois record checking is becoming manual and silly because of whois throttling and captchas and GDPR concerns ... in many cases it's not really working well enough to issue certificates based on.

1 comment

I understand the need for manual checks in some places, but if the natural reaction to seeing in-addr.arpa is to shrug and push through, then there's a definite policy violation here.