Hacker News new | ask | show | jobs
by toast0 1 day ago
If the DNS takeover is limited in scope, the legitimate owner wouldn't be able to query it.

CT addresses scoped attacks by making all webpki trusted certificates public knowledge. You would want something similar with DANE.