[liberationtech] Question EFF CA Let's Encrypt

Andrew Lewis me at andrewlew.is
Wed Nov 19 07:16:35 PST 2014


Maybe it requires DNSSEC?

But if you can hijack the DNS request between wherever their servers are
coming from, then there are much larger issues at play that you need to
address.

-Andrew

On Wed, Nov 19, 2014 at 10:13 AM, Richard Brooks <rrb at g.clemson.edu> wrote:

> Just looked at this:
>
> https://letsencrypt.org/howitworks/technology/
>
> The EFF's new CA to make things cheap and easy for
> installing certs. I like the goal.
>
> What I do not get from the description is how they
> really verify that I legitimately own the site. If
> I should manage to reroute some traffic and do
> DNS cache poisoning on a web-site address, wouldn't
> the system accept my web-site as valid? It seems like
> they are accepting the fact that you can reach the
> site using DNS information (which is not secured)
> as proof of legitimacy.
>
> Or is there something I am missing?