Y
Hacker News
new
|
ask
|
show
|
jobs
by
xfer
1329 days ago
Can you not mitm the CA's dns lookups for http, tls-alpn challenges and make them sign the certificates for you? How does letsencrypt prevent this? Do they check with multiple resolvers around the world?
1 comments
tptacek
1329 days ago
Yes, they check with multiple resolvers around the world.
link
ehPReth
1329 days ago
well, two do at least. hopefully more
link