|
|
|
|
|
|
by nucleardog
2307 days ago
|
|
|
This is what certificate transparency logs are designed to solve. Chrome and Safari currently validates that a certificate has been published in the publicly available transparency logs as part of considering it valid. Either Google doesn't publish the certificate in the logs and it's not valid, or they publish it and people are able to see the misissuance. It's not foolproof, but it makes the attack even less likely. |
|
|