|
|
|
|
|
|
by nullc
2237 days ago
|
|
|
I'm not sure what you'd call it other than man-in-the-middle. The issue is that CA's (for various defensible reasons-- including that there isn't much better possible within their framework, it's not like they know you personally...) will issue a cert for your domain to any party that can throw a file up on it that their automation fetches via http. In practice this means a MITM near your server (or, technically, anywhere between any CA that will issue certs for your domain and your server), or between your CA and the DNS results can get certs for your name and there isn't much you can do about it. |
|
|