Mis-issued certificates for 1.1.1.1 DNS service pose a threat to the Internet
Security concerns have arisen due to the issuance of three TLS certificates for Cloudflare's 1.1.1.1 DNS service, potentially allowing decryption of domain lookup queries encrypted through DNS over HTTPS. These certificates, issued in May, could impact services like Cloudflare's WARP VPN. The certificates were brought to public attention recently and were issued by Fina RDC 2020, a subordinate of Fina Root CA, trusted by the Microsoft Root Certificate Program. Microsoft Edge, used by around 5% of internet browsers, is affected by this issue.
Ars Technica•