Comment by zimpenfish
5 hours ago
> You're not concerned that someone might do ...
I mean, now you've brought it up, I am concerned about it - but the level of concern is somewhere between "spontaneous combustion of myself leading to exploitation of my domain DNS because my bugger-i-ded.txt instructions are rubbish" and "cosmic rays hitting all the exact right bits at the exact right time to bugger my DNS deployment when I next do one which won't be for a while because even one a year is a fast pace for me to change something."
(Plus I'm perfectly capable of taking my sites and domains offline by incompetent flubbery as it is; I don't need -more- ways to fuck things up.)
It is not like some cheeky kids would just DDoS the signing authority itself, or hammer bleed the host TLS library yet again.
There are also good reasons many serious admins don't trust signing authorities. If you know... you know why... =3