
Not sure I understand what you are saying. If you are saying that "Any website who is delegating their DNS to some third party is potentially vulnerable" to subverting SSL/TLS, then you are absolutely wrong. Malicious DNS can help the attacker to insert her servers between the user and the web service the user is trying to access, but it doesn't subvert TLS/SSL man-in-the-middle protection in any way.


Malicious DNS can request a cert for the domain via e.g. Let's Encrypt, then it can do whatever it wants.


My understanding is that it doesn't apply at least to EV certificates. Also, the parent says that "any user who is delegating their DNS lookups to a third party", but that can't apply to such users either.



