> That doesn't particularly matter; if someone takes over the ___domain but doesn't have a leaked key, they can't sign requests for the ___domain with my cert. It takes a leaked key for this to turn into a vulnerability.
It does, if someone gets temporary access, issues a certificate and then keeps using it to impersonate something. Now the malicious actor has to do it much more often, significantly increasing chances of detection.
It does, if someone gets temporary access, issues a certificate and then keeps using it to impersonate something. Now the malicious actor has to do it much more often, significantly increasing chances of detection.