Hacker News new | past | comments | ask | show | jobs | submit login

Yeah, I think they do, actually.

Two things...

Proxies are a thing, and stripping the Expect-CT header is trivial.

Any CA can generate a valid SSL cert for any domain.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: