by 336611629 200 days ago
This problem was solved in the mid 2010s by Certificate Transparency. Every issued certificate that browsers trust must be logged to a public append-only certificate transparency log. As a result, you can scan the logs to see if any certs were issued for your domain for keys that you don't control (and many tools and companies exist to do this).

How do you connect to the log provider? Can't that connection be compromised too? It seems like something that browsers would not keep internally.
I wouldn’t consider it “solved” because most organizations and people don’t actually check the log.

And a malicious actor can abuse this fact.

Having Chrome/Firefox asynchronously check the CT log 0.1% of the time would probably be enough to solve that.

CT logging is mandatory, and even a single missing cert is probably going to be an existential threat to any CA.

The fact that someone is checking is already enough of a deterrent to prevent large-scale attacks. And if you're worried about spearphishing-via-MitM, you should probably stick to Tor.

How will you establish a connection to the CT log server? Seems like you need a separate way to handle that.
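The SCTs that the top comment's logging requirement produces are embedded in the certificate itself and signed by the log's key, so a relying party checks them against log public keys it already holds rather than by opening a connection to the log during the handshake (the question raised in the two replies above). As an added example, not part of this thread, here is a stdlib-only Python parser for that embedded SCT list (RFC 6962 section 3.3) plus a check for SCTs from logs the relying party has no key for; the log IDs, timestamps and signature bytes are constructed placeholders, not real log data.

```python
import struct
from datetime import datetime, timezone

# RFC 6962 s3.3 list: 2-byte total length, then SerializedSCTs each with a 2-byte length
# prefix. X.509 carries it in extension 1.3.6.1.4.1.11129.2.4.2 inside a DER OCTET STRING.
HASH_ALGS = {4: "sha256"}          # TLS HashAlgorithm code points
SIG_ALGS = {1: "rsa", 3: "ecdsa"}  # TLS SignatureAlgorithm code points

def encode_sct(log_id, timestamp_ms, signature, sig_alg=3, extensions=b""):
    """TLS-encode one v1 SerializedSCT; used here only to build constructed input."""
    body = (b"\x00" + log_id + struct.pack("!QH", timestamp_ms, len(extensions))
            + extensions + struct.pack("!BBH", 4, sig_alg, len(signature)) + signature)
    return struct.pack("!H", len(body)) + body

def parse_sct_list(data):
    """Return one dict per SCT; raise ValueError on any malformed structure."""
    (total,) = struct.unpack_from("!H", data, 0)
    if total != len(data) - 2:
        raise ValueError("list length does not match extension length")
    pos, scts = 2, []
    while pos < len(data):
        (n,) = struct.unpack_from("!H", data, pos)
        sct, pos = data[pos + 2:pos + 2 + n], pos + 2 + n
        if len(sct) != n or n < 47:  # 1+32+8+2+4 bytes of fixed fields at minimum
            raise ValueError("truncated SCT")
        if sct[0] != 0:  # only v1 (0) is defined for this extension
            raise ValueError(f"unsupported SCT version {sct[0]}")
        ts, ext_len = struct.unpack_from("!QH", sct, 33)
        p = 43 + ext_len
        hash_alg, sig_alg, sig_len = struct.unpack_from("!BBH", sct, p)
        if p + 4 + sig_len != n:
            raise ValueError("SCT signature length mismatch")
        scts.append({"log_id": sct[1:33].hex(),  # SHA-256 of the log's public key
                     "timestamp": datetime.fromtimestamp(ts / 1000, tz=timezone.utc),
                     "extensions": sct[43:p],
                     "hash_alg": HASH_ALGS.get(hash_alg, f"unknown({hash_alg})"),
                     "sig_alg": SIG_ALGS.get(sig_alg, f"unknown({sig_alg})"),
                     "signature": sct[p + 4:]})
    return scts

def unknown_logs(scts, trusted_log_ids):
    """Log IDs the relying party holds no public key for, so their SCTs are unverifiable."""
    return [s["log_id"] for s in scts if s["log_id"] not in trusted_log_ids]

# Constructed sample: two SCTs from made-up logs. The IDs and signature bytes are
# placeholders, not real log keys or valid ECDSA signatures.
LOG_A, LOG_B = bytes([0xA1]) * 32, bytes([0xB2]) * 32
_body = (encode_sct(LOG_A, 1700000000000, b"\x30\x44" + b"\x01" * 68)
         + encode_sct(LOG_B, 1700000001000, b"\x30\x45" + b"\x02" * 69, extensions=b"\xaa"))
SAMPLE = struct.pack("!H", len(_body)) + _body
```

Feed `parse_sct_list` the contents of the extension's OCTET STRING from a real certificate and compare the returned log IDs against the log list your client trusts; anything in `unknown_logs` cannot be checked and is a reason to distrust the certificate, not to ignore the SCT.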