On Mon, 26 Jun 2023 22:01:06 +0300, Andrei Borzenkov wrote:
"Take over opensuse.org" is ambiguous. It may mean "systems servicing opensuse.org are compromised"; but it may also mean "domain name opensuse.org is redirected to another server(s)". In the latter case servers that receive requests for opensuse.org would need valid certificate for this domain trusted by client. And in this case such hijacked domain would actually pass LE checks (at least, checks that are described in there documentation).
That's fair. But if the domain were to be redirected, there's nothing that would prevent someone from getting a LE certificate anyways, and most people aren't going to verify the certificate is actually the "real" certificate, just that it's valid. Prior to this thread, I had no idea that the openSUSE.org domain used a LE certificate. I think the real question here is what the probability is of the domain being hijacked through either social engineering (I would hope that's low) or DNS poisoning/spoofing. -- Jim Henderson Please keep on-topic replies on the list so everyone benefits