by treysis
2374 days ago
No, I am not affiliated with them (though we follow each other on Twitter). My point is, I don't see any security implication involved with a wrong PTR record in relation to this service. If I set the PTR of my IP to this domain, but the domain itself resolves to some other IP. Or are you implying they can only request a cert if the PTR matches the domain? At least for LetsEncrypt this is not true, otherwise home owners with dynamic IPs wouldn't be able to request certificates.

As your users start using it, the owner of the name can now point the AAAA record to another server that will act as a proxy, request a new certificate (he owns the domain) and see all the encrypted communication.