Hacker News
by
nmjohn
976 days ago
The attacker effectively controlled the IP the domain was pointed to. If you have this, getting a cert issued from any CA is trivial - you've proved to them you control the domain in question.
3np
976 days ago
As mentioned elsewhere in the thread, RFC 8657 can prevent this.
https://news.ycombinator.com/item?id=37958831
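How the RFC 8657 CAA parameters named in the reply above constrain issuance, as an added example that is not part of either comment. It assumes the CA honors RFC 8657 and that DNS answers are authentic; every domain, account URI and record in it is a constructed sample.

```python
# Added example: evaluate a certificate request against CAA "issue" values
# that carry the RFC 8657 accounturi / validationmethods parameters.
# All domains, account URIs and records below are constructed samples.

def parse_issue_value(value):
    """Split 'ca.example; k=v; k=v' into (issuer_domain, {param: value})."""
    parts = [p.strip() for p in value.split(";")]
    issuer = parts[0].lower()
    params = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        params[key.strip().lower()] = val.strip()
    return issuer, params

def issuance_permitted(issue_values, ca_domain, account_uri, method):
    """True if the CAA issue values authorize this CA, account and method."""
    if not issue_values:
        # No issue property published: issuance is unrestricted, so any CA
        # that sees a successful domain validation may issue.
        return True
    for value in issue_values:
        issuer, params = parse_issue_value(value)
        if issuer != ca_domain.lower():
            continue  # record authorizes a different CA (or none, if empty)
        if "accounturi" in params and params["accounturi"] != account_uri:
            continue  # request comes from an account the owner did not pin
        if "validationmethods" in params:
            allowed = {m.strip() for m in params["validationmethods"].split(",")}
            if method not in allowed:
                continue  # e.g. http-01 attempted while only dns-01 is allowed
        return True
    return False

# Constructed record sets for a hypothetical domain.
NO_CAA = []
CA_ONLY = ["ca.example"]
PINNED = ["ca.example; accounturi=https://ca.example/acct/1001; validationmethods=dns-01"]

if __name__ == "__main__":
    # Request from someone who controls only the IP: own account, http-01.
    for name, rrset in (("no CAA", NO_CAA), ("CA only", CA_ONLY), ("pinned", PINNED)):
        ok = issuance_permitted(rrset, "ca.example", "https://ca.example/acct/6666", "http-01")
        print(f"{name:8s} -> {'issue' if ok else 'refuse'}")
```
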