On 2014-09-28 11:10, Greg wrote: > The only person who decides whether the certificate is legitimate or not > is the domain owner. Surely this suffices. If an attack has happened, the domain owner can find out, and can find out what authority is to blame.