Hacker News new | past | comments | ask | show | jobs | submit login

It sure reads as they genereated 2mio+ certs - that's probably why they thank GlobalSign and Comodo in the blog post.

I'm not sure how I should feel, if company x (where I am a registered but non-paying customer in their free tier) gets a cert in my name withouth asking before.




A cert in your domain name. Something they could always do. As can anyone you've given control of your domain to. Domain validation is how most certificates are issued.


They could have done that by MITM the validation email you mean?

EDIT: Ah, there are more options than email validation - my CA didn't offer those. Learned something, thanks.


No. Email is not the only supported method of domain validation.

See, for example, Comodo's documentation: https://support.comodo.com/index.php?/Default/Knowledgebase/...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: