Comment by hlandau

3 years ago

Both you and the grandparent are correct in that both propose viable attacks; it is a known fact (and not news to any expert in the space) that "domain validation" certificates are vulnerable to "global" MitM in which an attacker can intercept all traffic to a domain (and therefore intercept the validation probes). A situation in which a service's hosting company is sitting on their "front door" (so to speak) and MitMing all traffic that goes their way is exactly such a situation (hence my recommended mitigation).

Hosting company is not the only one who can do MitM; any ISP through which the traffic passes can do that as well; and if there are backdoors in foreign network equipment then the manufacturer of equipment can do MitM too.

  • This is false, because Let’s Encrypt uses servers in multiple places to get a mix of routing paths to eliminate it as an attack vector.