On 13 Sep 2011, at 23:30, Marsh Ray wrote: > <snip> > Wouldn't they have to acquire a valid cert first? Not saying that's out of > the realm of possibility, but...
Yeah, but in the case that you've gained control of a domains DNS, which is what happened, how hard would it be to get a valid DV cert?
_______________________________________________ websec mailing list websec@ietf.org https://www.ietf.org/mailman/listinfo/websec
