Just grab these IP packets when the CA comes to validate that you own that domain. Perhaps EV could solve that to some extent, but it is never mandated.
Even if you tried to put any stuff into WHOIS to mitigate this, your hoster can serve any bullshit on this channel too.
It does look very bad, and the SSH approach to certificates is just infinitely better. If Jabber used SSL keys instead, they would be alerted immediately.
Come to think of it, your hoster can also find ways to steal keys directly from hardware, though.