Comment by ranger207

Comment by ranger207 2 days ago

1 reply

View on Hacker News

What's the end goal here? A new cert per connection? I think if, hypothetically, that were the case, where Let's Encrypt validates the domain owner on every connection, then that'd move the attack surface from trying to get private cert keys to... other attacks, in general. Is there reason to believe that "other attacks" are less likely? Have there been many cases of should-have-been-revoked certs being used improperly?

mholt a day ago

"Other attacks" are much more expensive and for much less gain.

Reply View 0 replies