[members-discuss] Charging scheme 2025 proposal (logarithmic)
- Previous message (by thread): [members-discuss] Charging scheme 2025 proposal (logarithmic)
- Next message (by thread): [members-discuss] Charging scheme 2025 proposal (logarithmic)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Andrey Korolyov
andrey at xdel.ru
Tue Apr 16 21:44:53 CEST 2024
On Tue, Apr 16, 2024 at 10:30 PM Kaj Niemi <kajtzu at basen.net> wrote: > > Hi, > > > Both RIPE and their CDN seem to use DNSSEC. > > Indeed, the CDN utilizes LE as the issuing CA. The LE does publish the list of issued certificates as part of Certificate Transparency, as far as I know the list is public and can be consumed by anyone. > > Is there some specific concern you're thinking of? > > > > Kaj Yes, there is a simple way for circumventing the issuing procedure of LE certificates when an actor is able to act as man-in-the-middle, see [1] for example. Theoretical assumptions of the same kind of attack circulated around security-related communities since beginning of LE deployment and it's quite strange to see the org with annual budget of tens on M$ using zero-liability CA for the primary web resource. 1. https://therecord.media/jabber-ru-alleged-government-wiretap-expired-tls-certificate
- Previous message (by thread): [members-discuss] Charging scheme 2025 proposal (logarithmic)
- Next message (by thread): [members-discuss] Charging scheme 2025 proposal (logarithmic)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]