
I don’t quite follow why a missing underscore results in a security problem. It seems like it must be somehow related to what’s valid for CNAME records?


For DNS managers, it’s a known thing to restrict the use of domains that start with _. It’s effectively a reserved keyword.

In this case, a sophisticated attacker can get certificates for domains they don’t control by abusing this.


Thanks, that’s helpful information.
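
An added example, not part of the thread or any commenter's code: one way a DNS manager could enforce the underscore restriction described above on names its users create. The zone `example.net`, the function names and the sample record names are assumptions constructed for illustration.

```python
# Added example: reject user-created DNS names that contain underscore-prefixed labels.
# ZONE and SAMPLES are constructed sample data, not taken from the thread.

ZONE = "example.net"

def normalize(name: str) -> str:
    """Lowercase and drop the trailing root dot; DNS names compare case-insensitively."""
    return name.strip().rstrip(".").lower()

def check_user_record(name: str, zone: str = ZONE) -> tuple[bool, str]:
    """Decide whether a user of the DNS manager may create `name` inside `zone`."""
    name_n, zone_n = normalize(name), normalize(zone)
    if name_n == zone_n:
        return True, "ok"  # the zone apex carries no user-chosen labels
    if not name_n.endswith("." + zone_n):
        return False, "outside zone"
    # Labels the user chose, i.e. everything to the left of the zone name.
    labels = name_n[: -(len(zone_n) + 1)].split(".")
    for label in labels:
        if not label:
            return False, "empty label"
        if label.startswith("_"):
            # Reserved prefix: names such as _acme-challenge, _dmarc and
            # _domainkey are used by validation and policy schemes.
            return False, f"reserved label: {label}"
    return True, "ok"

SAMPLES = [
    "www.customer.example.net",
    "_acme-challenge.customer.example.net",
    "selector._domainkey.customer.example.net",
    "_DMARC.Customer.Example.NET.",          # case and trailing dot must not bypass the check
    "acme-challenge.customer.example.net",   # no underscore: looks like an ordinary hostname
    "www.example.org",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        allowed, reason = check_user_record(sample)
        print(f"{sample:45} allowed={allowed} ({reason})")
```

The fifth sample passes the check, which is the point of the question above: a restriction on underscore-prefixed labels only protects validation names that actually carry the underscore.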



