Hacker News new | past | comments | ask | show | jobs | submit login

It’s currently standard for CAs to host multiple verifiers in multiple jurisdictions, to reduce the chances of this happening, afaik.



Let's Encrypt is developing this feature but it might be a little premature to call it "standard"—it's not specified in the Baseline Requirements and I'm not sure whether there's any CA that has announced it as a part of all certificate issuance.


Most CAs aren't automated :) I believe any that do ensure that DNS requests are tried from multiple different locations to prevent this happening. Though you're right, the standards haven't caught up yet.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: