On Fri, Nov 21, 2025 at 12:46 AM Heikki Linnakangas <[email protected]> wrote:
> If I understood the incident correctly, the attacker managed to somehow
> obtain a valid TLS certificate for the victim domain. They used that to
> perform a MITM attack. They did not have the server's private key. (Or
> if they did, they did not use that for the attack).

Oh! Thank you for pointing that out. Yeah, having the private key for
*a* host certificate shouldn't help you if it doesn't have the same
public fingerprint as the one in use at the peer. (I'm not sure I really
internalized that distinction before.)

--Jacob
