> And are URLs (w/ DNSSEC and TLS) really that easy to hijack?
During the Google Domains-Squarespace transition, there was a vulnerability that enabled relatively simple domain takeovers. And once you control the DNS records, it's trivial to get Let's Encrypt to issue you a cert and adjust the DNSSEC records to match.
During the Google Domains-Squarespace transition, there was a vulnerability that enabled relatively simple domain takeovers. And once you control the DNS records, it's trivial to get Let's Encrypt to issue you a cert and adjust the DNSSEC records to match.
https://securityalliance.notion.site/A-Squarespace-Retrospec...