Hacker News
by jk700 2078 days ago
But if an attacker can intercept domain validation to issue a certificate, there is little reason not to protect his own certificate from revocation by preventing subsequent validations until it is used on a target, if he can't hide this fact in some way, of course. A report of that will look like someone is trying to revoke a certificate for a domain they don't control, and won't actually solve the problem even if a human can be convinced by other methods that you do control the domain.

Maybe DNSSEC could be used here to help if ACME added a way to force DNSSEC-only domain validation.
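The scenario in the comment above, as an added toy model (not code from the commenter, ACME, or any CA): an on-path attacker hijacks what the CA sees during validation, gets a certificate, and then keeps the hijack in place so the owner's revocation request, which under RFC 8555 section 7.6 must re-prove control of the domain, fails and shows up in the CA's log as "someone who doesn't control the domain trying to revoke". The second run shows the effect of a DNSSEC-only validation mode. Assumptions: the domain name, account names and log wording are made up; DNSSEC is stood in for by an HMAC over the record with a zone key only the owner holds (real DNSSEC uses public-key RRSIGs); the ACME flow is reduced to "token must be observed at the domain".

```python
"""Toy model of a validation-path hijack against ACME-style issuance and
revocation-by-proof-of-control. Constructed illustration only."""
import hashlib
import hmac
import secrets

# Stand-in for a DNSSEC zone-signing key held only by the real owner.
# (Assumption: HMAC replaces public-key RRSIGs to keep the model self-contained.)
OWNER_ZONE_KEY = b"owner-zone-signing-key"


def sign_record(key, domain, value):
    """Sign a validation record; the CA recomputes this to check a signed answer."""
    return hmac.new(key, f"{domain}|{value}".encode(), hashlib.sha256).hexdigest()


class Network:
    """What the CA observes when it queries a domain's validation record."""
    def __init__(self):
        self.records = {}   # domain -> (value, sig or None) published by the owner
        self.hijacked = {}  # domain -> (value, sig or None) injected on the path

    def query(self, domain):
        # An on-path attacker overrides whatever the owner actually published.
        if domain in self.hijacked:
            return self.hijacked[domain]
        return self.records.get(domain)


class CA:
    """Issues after observing a fresh token at the domain; a revocation request
    from an account other than the holder must pass the same validation."""
    def __init__(self, network, dnssec_only=False, zone_key=None):
        self.net = network
        self.dnssec_only = dnssec_only
        self.zone_key = zone_key  # key trusted for signed answers
        self.issued = {}          # serial -> (domain, holder account)
        self.log = []

    def new_challenge(self):
        return secrets.token_hex(8)

    def validate(self, domain, token, account):
        answer = self.net.query(domain)
        if answer is None:
            self.log.append(f"{account}: no record for {domain}")
            return False
        value, sig = answer
        if self.dnssec_only and sig != sign_record(self.zone_key, domain, value):
            self.log.append(f"{account}: unsigned/bad answer for {domain}")
            return False
        if value != token:
            # This is all the CA (or a human reading its log) gets to see.
            self.log.append(f"{account}: validation failed for {domain}")
            return False
        return True

    def issue(self, domain, token, account):
        if not self.validate(domain, token, account):
            return None
        serial = len(self.issued) + 1
        self.issued[serial] = (domain, account)
        return serial

    def revoke(self, serial, token, account):
        domain, holder = self.issued[serial]
        if account != holder and not self.validate(domain, token, account):
            self.log.append(f"{account}: revocation of {serial} for {domain} denied")
            return False
        del self.issued[serial]
        return True


def run_scenario(dnssec_only=False, keep_hijack=True):
    """Returns (serial issued to attacker or None, owner's revocation result, log)."""
    net = Network()
    ca = CA(net, dnssec_only=dnssec_only, zone_key=OWNER_ZONE_KEY)

    # 1. Attacker orders a certificate and hijacks the validation path so the CA
    #    sees the attacker's token. Without the zone key the record is unsigned.
    t_att = ca.new_challenge()
    net.hijacked["example.test"] = (t_att, None)
    serial = ca.issue("example.test", t_att, account="attacker")
    if not keep_hijack:
        del net.hijacked["example.test"]   # attacker lets validation work again

    # 2. Owner publishes a (signed) record and asks the CA to revoke the
    #    attacker's certificate by proving control of the domain.
    t_own = ca.new_challenge()
    net.records["example.test"] = (t_own, sign_record(OWNER_ZONE_KEY, "example.test", t_own))
    revoked = ca.revoke(serial, t_own, account="owner") if serial else None
    return serial, revoked, list(ca.log)
```

With `keep_hijack=True` and no DNSSEC requirement the attacker is issued serial 1 and the owner's revocation is denied, the log showing only a failed validation by "owner"; drop the hijack after issuance and the same revocation succeeds, which is why the attacker has no reason to drop it. With `dnssec_only=True` the attacker's unsigned injected answer is rejected before any certificate exists, although an on-path attacker can still make the owner's own validations fail by dropping or corrupting answers.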