Y
Hacker News
new
|
ask
|
show
|
jobs
by
immibis
747 days ago
Because Let's Encrypt is the CA that hands out certificates without actually verifying identity.
1 comments
phicoh
747 days ago
If you set the CAA correctly, then letsencrypt will limit validation to the dns method. Together with DNSSEC that is enough to prevent issuing certificates in case of a route hijack.
link