|
|
|
|
|
|
by Ayesh
2093 days ago
|
|
|
Well there's DNSSEC. Implementation details (such as lack of practice in key rotation, TTL, etc) aside, DNSSEC works and LetsEncrypt validates it. Then there is Certificate Transparency logs. It will be passive action at this point, but it's an action regardless. Let's Encrypt checks DNS validation and DNS CAA from multiple PoPs, but I don't think it's enforced by CA/B requirements to do so (happy to be corrected). |
|
|