
Ask HN: With https can domain owner snoop traffic? - alistproducer2
Background: I am using a free ddns provider that lets you set up subdomains on other (willing) people's tlds. I got a Let's Encrypt cert on my site and force https everywhere.

Am I wrong in thinking this makes my traffic immune from a man in the middle attack by the owner of the tld?
======
detaro
The domain owner is in more or less the same position with HTTP and HTTPS:
normally they don't see any of your traffic, but since they control the domain
they can change its DNS entries to wherever they want. CAs will happily take
their control of DNS or the target location as proof that they own the domain
(which is true) and give them a certificate, allowing MITM that's not
obviously visible to the visitor but leaves discoverable traces.
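
Added example, not part of the thread: one way to look for the traces mentioned above, assuming they take the form of Certificate Transparency log entries. It flags logged certificates valid for your hostname, including wildcards on the parent domain, that you did not request; the record shape, hostnames, issuers and serials are constructed placeholders.

```python
"""Flag CT-logged certificates for a hostname that we did not request."""
from dataclasses import dataclass


@dataclass(frozen=True)
class LoggedCert:
    # Hypothetical record shape for one Certificate Transparency log entry.
    serial: str
    issuer: str
    names: tuple  # DNS names from the certificate's subjectAltName


def covers(cert_name: str, host: str) -> bool:
    """True if cert_name (possibly a wildcard) is valid for host."""
    cert_name, host = cert_name.lower().rstrip("."), host.lower().rstrip(".")
    if cert_name.startswith("*."):
        # A wildcard matches exactly one left-most label.
        head, _, parent = host.partition(".")
        return bool(head) and parent == cert_name[2:]
    return cert_name == host


def unexpected_certs(entries, host, own_serials):
    """Return entries valid for host whose serial is not one we issued."""
    own = {s.lower() for s in own_serials}
    return [
        e for e in entries
        if e.serial.lower() not in own and any(covers(n, host) for n in e.names)
    ]


# Constructed sample data; every value below is a placeholder.
HOST = "me.ddns-parent.example"
OWN_SERIALS = {"03A1"}  # serials of certificates we requested ourselves
SAMPLE_LOG = [
    LoggedCert("03a1", "Example CA 1", ("me.ddns-parent.example",)),     # ours
    LoggedCert("7F20", "Example CA 2", ("me.ddns-parent.example",)),     # not ours
    LoggedCert("9B44", "Example CA 2", ("*.ddns-parent.example",)),      # wildcard covers us
    LoggedCert("55C0", "Example CA 1", ("other.ddns-parent.example",)),  # unrelated host
    LoggedCert("1D09", "Example CA 1", ("*.me.ddns-parent.example",)),   # covers only sub-hosts
]

if __name__ == "__main__":
    for cert in unexpected_certs(SAMPLE_LOG, HOST, OWN_SERIALS):
        print(f"unexpected: serial={cert.serial} issuer={cert.issuer} names={cert.names}")
```
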

