top | item 33289949 (no title) xfer | 3 years ago Can you not mitm the CA's dns lookups for http, tls-alpn challenges and make them sign the certificates for you? How does letsencrypt prevent this? Do they check with multiple resolvers around the world? discuss order hn newest tptacek|3 years ago Yes, they check with multiple resolvers around the world. ehPReth|3 years ago well, two do at least. hopefully more
tptacek|3 years ago Yes, they check with multiple resolvers around the world. ehPReth|3 years ago well, two do at least. hopefully more
tptacek|3 years ago
ehPReth|3 years ago