by phicoh 745 days ago
That's not correct. If you set the CAA correctly you can limit certificates to, for example, letsencrypt and DNS validation.

An attacker can get around that if a CA does not use DNSSEC validation to check the CAA. But that would be a problem with the CA system.


I'm not sure you're following. An attacker who controls BGP controls, for some small (or large) section of the Internet, the meaning of IP addresses. No DNS validation gets you around that.

LetsEncrypt does in fact do things to mitigate this attack, but they have nothing to do with DNSSEC: they do multi-perspective lookups, so you'd need Internet-wide routing control.

It seems you miss something, maybe because you don't consider DNSSEC as something that gets actual use.

With DNSSEC, somebody can reroute traffic all they like; they cannot generate fake DNS responses that are DNSSEC-valid for a DNSSEC-secured victim domain. So if the CAA record is properly set to only allow the dns-01 validation method for ACME, there is simply no way to obtain a false certificate even if the attacker controls all of BGP.
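The thread turns on what a CAA record restricted to one CA and one validation method actually permits. The following is an added example, not code from the thread or from any CA: a small evaluator of the CAA rules from RFC 8659 (issue/issuewild/iodef, critical flag) plus the `validationmethods` parameter from RFC 8657, run over a constructed zone fragment. The record set, names and helper functions are assumptions for illustration.

```python
"""Decide whether a CA may issue for a name, given that name's CAA records.

Implements the relevant-record selection of RFC 8659 and the
validationmethods parameter of RFC 8657. Example code, not any CA's code.
"""
import re
from dataclasses import dataclass

# Zone-file style line: name [ttl] [IN] CAA flags tag "value"
CAA_LINE = re.compile(
    r'^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?CAA\s+(\d+)\s+([A-Za-z0-9]+)\s+"([^"]*)"\s*$'
)
KNOWN_TAGS = {"issue", "issuewild", "iodef"}


@dataclass
class CaaRecord:
    flags: int
    tag: str
    value: str

    @property
    def critical(self) -> bool:
        # Bit 7 of the flags octet is the "issuer critical" flag.
        return bool(self.flags & 0x80)


def parse_caa(zone_lines):
    """Parse zone-file CAA lines into CaaRecord objects."""
    records = []
    for line in zone_lines:
        m = CAA_LINE.match(line.strip())
        if not m:
            raise ValueError(f"not a CAA record: {line!r}")
        _name, flags, tag, value = m.groups()
        records.append(CaaRecord(int(flags), tag.lower(), value))
    return records


def _split_issue_value(value):
    """Split 'issuer-domain; key=value; ...' into (issuer, {key: value})."""
    parts = [p.strip() for p in value.split(";")]
    issuer = parts[0].lower()          # empty string means "no CA at all"
    params = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            params[key.strip().lower()] = val.strip()
    return issuer, params


def issuance_allowed(records, ca_domain, method, wildcard=False):
    """True if ca_domain may issue using the given ACME method (e.g. 'dns-01')."""
    if not records:
        return True                     # no CAA at all: unrestricted
    # An unknown property marked critical means the CA must not issue.
    if any(r.critical and r.tag not in KNOWN_TAGS for r in records):
        return False
    # Wildcard requests use issuewild if present, otherwise fall back to issue.
    tag = "issue"
    if wildcard and any(r.tag == "issuewild" for r in records):
        tag = "issuewild"
    relevant = [r for r in records if r.tag == tag]
    if not relevant:
        return True                     # only iodef etc.: issuance unrestricted
    for r in relevant:
        issuer, params = _split_issue_value(r.value)
        if issuer != ca_domain.lower():
            continue
        allowed = params.get("validationmethods")
        if allowed is None:
            return True                 # CA permitted, any validation method
        if method in [m.strip() for m in allowed.split(",")]:
            return True
    return False


# Constructed sample zone: only letsencrypt.org via dns-01, no wildcards.
SAMPLE_ZONE = [
    'example.com. 3600 IN CAA 0 issue "letsencrypt.org; validationmethods=dns-01"',
    'example.com. 3600 IN CAA 0 issuewild ";"',
    'example.com. 3600 IN CAA 0 iodef "mailto:security@example.com"',
]


def sample_decisions():
    """Evaluate a few (CA, method, wildcard) combinations against SAMPLE_ZONE."""
    recs = parse_caa(SAMPLE_ZONE)
    return {
        "le-dns01": issuance_allowed(recs, "letsencrypt.org", "dns-01"),
        "le-http01": issuance_allowed(recs, "letsencrypt.org", "http-01"),
        "other-dns01": issuance_allowed(recs, "other-ca.example", "dns-01"),
        "le-wildcard": issuance_allowed(recs, "letsencrypt.org", "dns-01", wildcard=True),
    }


if __name__ == "__main__":
    for case, ok in sample_decisions().items():
        print(f"{case}: {'permitted' if ok else 'refused'}")
```

With this record set, an http-01 request is refused even when it comes from the permitted CA, which is the point made above: the decision depends only on the CAA record and the validation method, so the record itself has to be authentic, and that is what DNSSEC-validated CAA lookups at the CA provide.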