There are cases of malicious/incompetent CAs issuing certificates to parties who don’t own the domains. DigiNotar was the most famous one, and recently there was a Chinese CA (I forgot the name) booted from the list as well. Once they’re detected (browsers report SSL certs they see back to the mothership for audit) they would be removed from trusted lists though, so chances are that they’re only used for high value targets and can’t be used that often.