Incident Mis-Issued Certificates for IP Address 1.1.1.1
Posted4 months agoActive4 months ago
unmitigatedrisk.comTechstory
calmneutral
Debate
20/100
Ssl/tlsBgpNetwork Security
Key topics
Ssl/tls
Bgp
Network Security
The post discusses an incident where mis-issued certificates were obtained for IP address 1.1.1.1, and the discussion revolves around the implications of this incident and the potential motivations behind it, including the role of BGP hijacking.
Snapshot generated from the HN discussion
Discussion Activity
Light discussionFirst comment
4h
Peak period
1
4-5h
Avg / period
1
Key moments
- 01Story posted
Sep 3, 2025 at 10:59 PM EDT
4 months ago
Step 01 - 02First comment
Sep 4, 2025 at 3:19 AM EDT
4h after posting
Step 02 - 03Peak activity
1 comments in 4-5h
Hottest window of the conversation
Step 03 - 04Latest activity
Sep 4, 2025 at 8:02 AM EDT
4 months ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
ID: 45123024Type: storyLast synced: 11/20/2025, 11:35:13 AM
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
The intractable and difficult root (pun unintended) problem is OS/browsers/CA root cert list providers must delegate trust carefully to legit CAs while continually auditing they're not issuing garbage certs to entities that can't prove they own the subject(s) they're covering.
CA = Certifying Authority is the issuer of certs that make https:// work, but isn't limited to uses of just the web. S/MIME email, some software signatures, and more.