|
|
|
|
|
|
by ekr____
940 days ago
|
|
|
As far as I know, they do not. Even if they did, it doesn't really address the problem. In order to mount an effective impersonation attack, the attacker needs to either control the network or the DNS. In either case, they will generally be able to remove or change the CAA record; remember that DNSSEC deployment is comparatively rare and browsers do not verify DNSSEC in any case. |
|
|