
This is actually a great suggestion and ACME providers should provide it as an opt-in feature via CAA record. Not even the provider having access to system memory could issue a MITM cert without you noticing.



The provider having access to system memory can copy the private key and use your original key+cert for MITM, unless you are using some fancy HSM.



