Hacker News

Are you skipping over something in that explanation about which email(s) one must be able to read? Because the way you said it makes it sound as if anyone could make fake certs for hotmail, gmail, etc. And that can't be right... I hope.


This is partially right(!)

A security researcher once obtained a certificate for Microsoft's live.com domain by registering an email account sslcertificates@live.com and using it to reply to the CA's verification email.

http://www.theregister.co.uk/2011/04/11/state_of_ssl_analysi...


Presumably something like "root" or "webmaster," but those aren't illegal on mailinator: http://mailinator.com/maildir.jsp?email=webmaster&x=0...
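On the mail provider's side, the usual mitigation for the incident described in this thread is to refuse sign-ups for mailbox names a CA might send a domain-validation email to. The sketch below is an added example, not code from any commenter or project: the reserved list combines the five constructed addresses allowed by the CA/Browser Forum Baseline Requirements with the two names mentioned in the thread, and the `+tag` handling is an assumption about how the mail system delivers.

```python
import unicodedata

# Local parts a CA may use for constructed-email domain validation
# (CA/Browser Forum Baseline Requirements).
CA_VALIDATION_LOCAL_PARTS = {
    "admin", "administrator", "webmaster", "hostmaster", "postmaster",
}
# Names that come up in this thread (the live.com case and the "root" guess).
THREAD_MENTIONED = {"sslcertificates", "root"}
RESERVED = CA_VALIDATION_LOCAL_PARTS | THREAD_MENTIONED


def canonical_local_part(address: str) -> str:
    """Reduce an address to the mailbox name that would receive its mail."""
    local = address.rsplit("@", 1)[0]
    # NFKC folds look-alike forms such as fullwidth letters into plain ASCII;
    # casefold makes the comparison case-insensitive.
    local = unicodedata.normalize("NFKC", local).casefold().strip()
    # Assumption: the mail system supports '+tag' subaddressing, so
    # 'webmaster+x' is delivered to the 'webmaster' mailbox.
    return local.split("+", 1)[0]


def is_reserved(address: str) -> bool:
    """True if a user must not be allowed to register this mailbox."""
    return canonical_local_part(address) in RESERVED


def audit_mailboxes(addresses):
    """Return already-registered mailboxes that collide with a reserved name."""
    return sorted(a for a in addresses if is_reserved(a))


if __name__ == "__main__":
    # Constructed sample sign-ups, not real accounts.
    existing = [
        "alice@example.test",
        "Postmaster@example.test",
        "admin+billing@example.test",
        "\uff57\uff45\uff42\uff4d\uff41\uff53\uff54\uff45\uff52@example.test",  # fullwidth 'webmaster'
    ]
    for hit in audit_mailboxes(existing):
        print("reserved name already registered:", hit)
```

Running the audit over the existing user table matters as much as the sign-up check, since mailboxes registered before the block was introduced still receive the CA's email.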



