by NovemberWhiskey
1556 days ago
It's not enough for everyone involved to have CAA enabled. They need to have CAA enabled and to select a certificate authority that does effective domain ownership validation, which - as the article suggests - means (at minimum) multiple-origin checking of network-based challenge protocols like HTTP-01. Personally, I think anyone who has a heightened attack risk ought to contemplate a CA that does some form of more thorough validation.