|
|
|
|
|
|
by tptacek
598 days ago
|
|
|
Security is based on a combination of: * The integrity of registrar accounts that are the root of trust for most DNS zones (this was, last I checked, the overwhelming source of DNS corruption attacks), * The security of one or more DNS lookups, depending (some CAs, like LetsEncrypt, do multi-perspective lookups), and * The WebPKI Certificate Transparency system, which tracks the issuance of all certificates that Chrome and Mozilla will accept in a public ledger. |
|
|
https://cabforum.org/working-groups/server/baseline-requirem...