Comment by hannob

Comment by hannob 3 days ago

0 replies

View on Hacker News

> We hold an ACME account key on your behalf with the CA, but we cannot use it impersonate your domain or decrypt traffic.

That makes no sense whatsoever. If you have an ACME account key for my domain, of course you can use it to impersonate my domain. You just need to create another certificate. (Which I could detect, but if I know how to do that, I'm probably not going to need your service anyway.)