And for stateless clients, they can generate certificates for such domains even if there is no currently valid authorizations, if I’m not mistaken: XSS via ACME implementations
1 Like
And for stateless clients, they can generate certificates for such domains even if there is no currently valid authorizations, if I’m not mistaken: XSS via ACME implementations