DigiCert really is trying to explain this as nothing whereas they avoided a huge issue if someone realized you could get a wildcard certificate for a domain you don’t own. The underscore in domain validation is needed so that subdomain DNS providers don’t issue a subdomain which can be used for domain validation. Without the underscore, someone could validate a domain and then register a username without the underscore at a provider which sets your subdomain as your username.
Pretty bad situation but it could be worse if that happened and DigiCert became untrusted completely.