DigiCert mass-revoking TLS certificates due to domain validation bug
bleepingcomputer.com> "Although the chance of a collision is extremely low because the random value has at least 150 bits of entropy, there is still a chance."
I am... speechless. I mean... Um.
The last time I checked, no one was able to break 128 bits of security for anything, let alone 150 bits, or for a domain validation of some domain name no one cares about.
This is the same attitude that has everyone deploying in-kernel code and arbitrary updates written by companies who can't get the basic QA right. The auditors and lawyers get to decide what "security" looks like.
It's "best to be safe".