Hacker News
by
silverwind
972 days ago
This is actually a great suggestion and ACME providers should provide it as an opt-in feature via CAA record. Not even the provider having access to system memory could issue a MITM cert without you noticing.
Jenda_
972 days ago
The provider having access to system memory can copy the private key and use your original key+cert for MITM, unless you are using some fancy HSM.