this post was submitted on 30 Jul 2024
Hacker News
A mirror of Hacker News' best submissions.
DigiCert really is trying to explain this as nothing whereas they avoided a huge issue if someone realized you could get a wildcard certificate for a domain you don't own. The underscore in domain validation is needed so that subdomain DNS providers don't issue a subdomain which can be used for domain validation. Without the underscore, someone could validate a domain and then register a username without the underscore at a provider which sets your subdomain as your username.
Pretty bad situation but it could be worse if that happened and DigiCert became untrusted completely.
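The underscore rule from the comment above, as an added example that is not part of the original comment or any CA's code: it pairs a CA-side check on the DNS name that carries the random value with a provider-side username check. All function names, the `users.example` zone and the random value are hypothetical, and the provider is assumed to restrict usernames to ordinary hostname labels (letters, digits, hyphen).

```python
import re

# Hostname label: letters, digits, hyphen; no leading or trailing hyphen.
# Assumption: the subdomain provider only hands out usernames matching this,
# so a username can never begin with an underscore.
HOSTNAME_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def provider_allows_username(username: str) -> bool:
    """Hypothetical provider-side check: username becomes <username>.<zone>."""
    return HOSTNAME_LABEL.fullmatch(username.lower()) is not None


def _single_label_under(name: str, parent: str):
    """Return the one label in front of parent, or None if name is not that shape."""
    name, parent = name.lower().rstrip("."), parent.lower().rstrip(".")
    if not name.endswith("." + parent):
        return None
    label = name[: -len(parent) - 1]
    return label if label and "." not in label else None


def validation_name_ok(record_name: str, domain: str) -> bool:
    """Hypothetical CA-side check on the name that holds the random value.

    Accept the domain itself, or the domain prefixed with exactly one label
    that begins with an underscore; reject everything else.
    """
    if record_name.lower().rstrip(".") == domain.lower().rstrip("."):
        return True
    label = _single_label_under(record_name, domain)
    return label is not None and label.startswith("_") and len(label) > 1


def third_party_could_create(record_name: str, zone: str) -> bool:
    """Could a customer of the provider end up controlling record_name?"""
    label = _single_label_under(record_name, zone)
    return label is not None and provider_allows_username(label)


# Constructed sample values, not taken from any real incident.
ZONE = "users.example"
RANDOM = "a1b2c3d4e5f6"
for candidate in (f"_{RANDOM}.{ZONE}", f"{RANDOM}.{ZONE}"):
    print(candidate,
          "| CA accepts:", validation_name_ok(candidate, ZONE),
          "| user-creatable:", third_party_could_create(candidate, ZONE))
```

The only name the CA check accepts is one the provider check refuses to hand out, which is the separation the underscore prefix exists to guarantee.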