← Back to context

Comment by codedokode

3 years ago

The problem is that Let's Encrypt issued a fake certificate without proper validation.

UPD: I was initially wrong. It looks like many CAs will issue a valid certificate to attacker capable of doing MitM.

why do you keep making this incorrect claim?

it was a DV cert, and it was considered validated because someone was MITMing the traffic. that would have worked against any CA, nothing at all to do with Let's Encrypt.