Account confirmers, Anti-spam team, Confirmed users, Bureaucrats and Sysops emeriti
4,925
edits
(More equivocation on DNS reconnaissance) |
|||
Line 19: | Line 19: | ||
===== Response ===== | ===== Response ===== | ||
This is an argument for security through obscurity, the value of which is given different weights by different security professionals. | This is an argument for security through obscurity, the value of which is given different weights by different security professionals. It is noted that hostnames leak in a number of other ways and so the level of obscurity this provides is also disputed; other DNS reconnaissance techniques may well work but be more complex or time consuming than simply consulting a CT server. | ||
As for multiple wildcard certs being hard to track, they would have different serial numbers, so automated provisioning software could tell them apart without difficulty. | As for multiple wildcard certs being hard to track, they would have different serial numbers, so automated provisioning software could tell them apart without difficulty. |