Comment by codedokode
3 years ago
The problem is that Let's Encrypt issued a fake certificate without proper validation.
UPD: I was initially wrong. It looks like many CAs will issue a valid certificate to attacker capable of doing MitM.
3 years ago
The problem is that Let's Encrypt issued a fake certificate without proper validation.
UPD: I was initially wrong. It looks like many CAs will issue a valid certificate to attacker capable of doing MitM.
why do you keep making this incorrect claim?
it was a DV cert, and it was considered validated because someone was MITMing the traffic. that would have worked against any CA, nothing at all to do with Let's Encrypt.
Corrected the comment to reflect that SSL cert infrastructure is ridiculously easy to hack.