26 Jun 2023 18:51
On Sun, 25 Jun 2023 20:19:52 -0700, Lew Wolfgang wrote:
> The issue is of validation of control of the domain. A hacker could take over opensuse.org, then take out a Let's Encrypt cert and distribute malware over the secure channel.
They wouldn't need to take out a new LE cert to distribute malware over the secure channel; they would already *have* a certificate, regardless of where the certificate comes from.

--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits