by jlgaddis 1999 days ago
That wouldn't quite work the way you think it would...

The CAA record is useful only at the time a certificate is issued (signed) by a CA.

A client has no way to know what the CAA record was at the time the certificate was issued -- a browser cannot ("at acceptance-time") use the current value of the CAA record to determine whether a certificate was properly issued or not.
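
An added illustration of the point in the comment above, not part of the original comment: a simplified RFC 8659 check (non-wildcard names, `issue` tag only, no parameters) evaluated once at issuance time and once at a later "acceptance-time". The DNS history, CA names and dates are constructed for the example.

```python
from datetime import date

# Constructed DNS history: each entry is (effective_from, {owner name: CAA RRset}).
# A CAA RRset is a list of (tag, value) pairs.
HISTORY = [
    (date(2019, 1, 1), {"example.com": [("issue", "ca-one.example")]}),
    (date(2020, 6, 1), {"example.com": [("issue", "ca-two.example")]}),
]

def zone_at(when):
    """Return the constructed CAA data in effect on date `when`."""
    current = {}
    for start, snapshot in HISTORY:
        if start <= when:
            current = snapshot
    return current

def relevant_rrset(fqdn, zone):
    """Climb from fqdn toward the root; the first non-empty CAA RRset wins."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def ca_may_issue(ca_domain, fqdn, when):
    """The check a CA performs when it is asked to sign, using DNS as of `when`."""
    issue = [v for tag, v in relevant_rrset(fqdn, zone_at(when)) if tag == "issue"]
    # No issue properties in the relevant RRset: CAA does not restrict issuance.
    return not issue or ca_domain in issue

ISSUED_ON = date(2019, 3, 1)   # constructed issuance date
TODAY = date(2021, 1, 1)       # constructed "acceptance-time"

def demo():
    """Same CA, same name, two points in time."""
    at_issuance = ca_may_issue("ca-one.example", "www.example.com", ISSUED_ON)
    at_acceptance = ca_may_issue("ca-one.example", "www.example.com", TODAY)
    return at_issuance, at_acceptance

if __name__ == "__main__":
    print(demo())  # (True, False)
```

The certificate was issued in compliance with the CAA record that existed at signing time, yet a client re-running the check against current DNS would reject it, because the record changed afterwards.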