Just looked at this: https://letsencrypt.org/howitworks/technology/
The EFF's new CA to make things cheap and easy for installing certs. I like the goal. What I do not get from the description is how they really verify that I legitimately own the site. If I should manage to reroute some traffic and do DNS cache poisoning on a web-site address, wouldn't the system accept my web-site as valid? It seems like they are accepting the fact that you can reach the site using DNS information (which is not secured) as proof of legitimacy. Or is there something I am missing? -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
