Comment by codedokode

3 years ago

So SSL certificates are completely unreliable; we should only wait until Russian or Chinese comrades find a good use for this attack (e.g. temporary redirecting Western traffic using BGP to validate a Let's Encrypt's cert for Western site).

yes? this is a well-known problem, which is why CAA-ACME etc and certificate transparency logs exist.