by yencabulator
1121 days ago
DNSSEC can be tampered with without leaving a trail of evidence. If you MitM DNS for all the outbound IPs a CA uses, the end result of that gets logged in Certificate Transparency. And since 1) sites can and do monitor CT for their domains and 2) browsers demand the certificate has been submitted to CT, we know that e.g. google.com is not MitM'ed.
|
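The CT monitoring mentioned in the comment above, as an added example that is not part of the original comment: it scans CT search results for a watched domain and flags certificates whose issuer organization is not on the owner's allowlist. The records are constructed, the field names `id`, `issuer_name` and `name_value` assume crt.sh-style JSON output, and `covers`, `issuer_org` and `unexpected_certs` are hypothetical helper names.

```python
import re

# Constructed sample records (not real log entries); the field names assume
# the JSON shape returned by a CT search service such as crt.sh.
SAMPLE = [
    {"id": 1, "issuer_name": "C=US, O=Google Trust Services LLC, CN=GTS CA 1C3",
     "name_value": "example.com\nwww.example.com"},
    {"id": 2, "issuer_name": "C=XX, O=Unexpected CA, CN=Unexpected Issuing CA",
     "name_value": "login.example.com"},
    {"id": 3, "issuer_name": "C=XX, O=Unexpected CA, CN=Unexpected Issuing CA",
     "name_value": "notexample.com"},
    {"id": 4, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "*.example.com"},
]

def covers(name, domain):
    """True if a certificate DNS name is the watched domain or falls under it."""
    name = name.strip().lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]          # a wildcard covers names under its parent
    # Require a label boundary so "notexample.com" does not match "example.com".
    return name == domain or name.endswith("." + domain)

def issuer_org(issuer_name):
    """Extract the O= component of the issuer DN (simplified: no quoted commas)."""
    m = re.search(r"(?:^|,\s*)O=([^,]+)", issuer_name)
    return m.group(1).strip() if m else None

def unexpected_certs(entries, domain, allowed_orgs):
    """Return (id, matching names, issuer) for logged certs from unlisted issuers."""
    alerts = []
    for e in entries:
        names = [n for n in e["name_value"].split("\n") if covers(n, domain)]
        if names and issuer_org(e["issuer_name"]) not in allowed_orgs:
            alerts.append((e["id"], names, e["issuer_name"]))
    return alerts

if __name__ == "__main__":
    allowed = {"Google Trust Services LLC", "Let's Encrypt"}
    for cert_id, names, issuer in unexpected_certs(SAMPLE, "example.com", allowed):
        print(f"ALERT cert {cert_id}: {names} issued by {issuer}")
```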