
Flaw in StartSSL Validation Allowed Attackers to Get SSL Certs for Any Domain - nsgi
http://news.softpedia.com/news/flaw-in-startssl-validation-allowed-attackers-to-get-ssl-certs-for-any-domain-502257.shtml
======
aroch
Previous discussion:
[https://news.ycombinator.com/item?id=11330877](https://news.ycombinator.com/item?id=11330877)

------
0x0
Wasn't this dismissed as incorrect? The extra email address was the one listed
in WHOIS and used to be a valid option in the web UI, and is a reasonable
choice for issuing domain-validated certs?

~~~
leeoniya
StartSSL's response:
[https://www.startssl.com/NewsDetails?date=20160322](https://www.startssl.com/NewsDetails?date=20160322)

