Am 25.11.2015 um 18:28 schrieb moparisthebest:
A domain validated certificate doesn't and never has said "This entire
machine is controlled solely by the domains specified in this
certificate", instead it says "This particular service/port on this
server is authorized by this domain to provide this service, however
this machine or even this port (via SNI) could host plenty of other
services/domains as well"
The resolution of a certificate is the domain name, e.g. it is valid for
all services on the machine. If you get the certificate for a port then
you may misuse it to intercept traffic to other ports / services.
Roland
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
