Hacker News

letsgetreal today at 12:06 AM (3 replies)

Nothing mentioned will help for a website with a Let's Encrypt SSL cert. How can I know with confidence that I can conduct commerce with this website that purports to be the company and it's not a typo squatter from North Korea? A Google search doesn't cut it. Nothing in this thread has answered that basic question.

It's a non-issue for DigiCert and Sectigo certs. I can click on the certs and see for myself that they're genuine.


Replies

bentley today at 12:52 AM

Worse than typosquatting is EV’s problem that anyone can register a corporation with an identical name.

https://web.archive.org/web/20171211181630/https://stripe.ia...

tptacek today at 12:28 AM

No you can't. Even during the EV years, clowning an EV cert was more like a casual stunt for researchers than an actual disclosable event. In reality, there's nothing DigiCert is meaningfully doing to assure you about "conducting commerce" on sites.

tialaramex today at 12:36 AM

> It's a non-issue for DigiCert and Sectigo certs. I can click on the certs and see for myself that they're genuine.

You can see for yourself that a Let's Encrypt certificate is genuine too.