Hacker News new | past | comments | ask | show | jobs | submit login

I wasn't referring to EV certificates, just to verifying simple ownership of the domain for the purposes of MITM and other attacks of that kind. Let's Encrypt would inform you that the page that appears when you visit googIe.com was indeed served by the owner of that domain (barring server compromises or cert leaks, but that's a separate issue). LE and "basic" certificates do not attempt to answer the question of who owns the domain -- that's also an entirely separate problem.



Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: