Y
Hacker News
new
|
ask
|
show
|
jobs
by
inigyou
8 days ago
If any of the parent zones defects, they can trivially misissue a certificate. Having separate CAs that ddo whatever DNS says doesn't improve anything.