Y
Hacker News
new
|
ask
|
show
|
jobs
by
jefftk
1349 days ago
It does sort of involve crypto: if the page you control weren't served over HTTPS it wouldn't be too hard (DNS poisoning) for someone else to trick a server into verifying the wrong user.
1 comments
account42
1346 days ago
If DNS poisoning is so easy why don't you perform the same attach on Let's Encrypt since that also uses plain HTTP.
link
jefftk
1346 days ago
Certificate Authorities are extremely careful about DNS (and BGP hijacking), more so than basically everyone else.
link