| ▲ | dcow a year ago | |||||||
If someone does that you’ve already been pwned. In reality you limit the CA to be domain scoped. I don’t know why domain-scoped CAs aren’t a thing. | ||||||||
| ▲ | jabiko a year ago | parent [-] | |||||||
> If someone does that you’ve already been pwned Then why use encryption at all when your threat model for encrypted communication can't handle a malicious actor on the network? | ||||||||
| ||||||||