Reply to post: Re: Subdomain security

Download this update from mybrowser.microsoft.com. Oh, sorry, that was malware on a hijacked sub-domain. Oops

Anonymous Coward
Anonymous Coward

Re: Subdomain security

a) Because certificate revocation is broken and doesn't work (see https://scotthelme.co.uk/revocation-is-broken/)

b) Why do you need your own CA to do that? You would just need any CA that you can automate the revocation

c) If you've got the ability to create such an automated process then why don't you automate the process of removing the entries from the DNS? Better to have the subdomain nuked than just the cert for it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021