Comment by codedokode
3 years ago
So SSL certificates are completely unreliable; we should only wait until Russian or Chinese comrades find a good use for this attack (e.g. temporary redirecting Western traffic using BGP to validate a Let's Encrypt's cert for Western site).
yes? this is a well-known problem, which is why CAA-ACME etc and certificate transparency logs exist.