← Back to context Comment by blueflow 3 years ago This happens all the time when a server is rebuilt from scratch - same cert using a different keypair. 6 comments blueflow Reply codedokode 3 years ago So should we conclude that SSL cert infrastructure is completely compromised and now any country can issue fake certificates? blueflow 3 years ago No, there is no reason to jump to such extremes. codedokode 3 years ago There are approximately 10 Tier-1 ISPs through which majority of Internet traffic passes, and unless I misunderstood something, they can issue valid certificates for almost any domain. To me it looks like "completely compromised". 3 replies →
codedokode 3 years ago So should we conclude that SSL cert infrastructure is completely compromised and now any country can issue fake certificates? blueflow 3 years ago No, there is no reason to jump to such extremes. codedokode 3 years ago There are approximately 10 Tier-1 ISPs through which majority of Internet traffic passes, and unless I misunderstood something, they can issue valid certificates for almost any domain. To me it looks like "completely compromised". 3 replies →
blueflow 3 years ago No, there is no reason to jump to such extremes. codedokode 3 years ago There are approximately 10 Tier-1 ISPs through which majority of Internet traffic passes, and unless I misunderstood something, they can issue valid certificates for almost any domain. To me it looks like "completely compromised". 3 replies →
codedokode 3 years ago There are approximately 10 Tier-1 ISPs through which majority of Internet traffic passes, and unless I misunderstood something, they can issue valid certificates for almost any domain. To me it looks like "completely compromised". 3 replies →
So should we conclude that SSL cert infrastructure is completely compromised and now any country can issue fake certificates?
No, there is no reason to jump to such extremes.
There are approximately 10 Tier-1 ISPs through which majority of Internet traffic passes, and unless I misunderstood something, they can issue valid certificates for almost any domain. To me it looks like "completely compromised".
3 replies →