Y
Hacker News
new
|
ask
|
show
|
jobs
by
perching_aix
563 days ago
I think the current "meta" is CAA records?
https://blog.cloudflare.com/why-certificate-pinning-is-outda...
2 comments
syncsynchalt
562 days ago
CAA records rely on the CAs to respect them, and this is an article about how a CA has issued a cert in violation of a CAA record.
link
perching_aix
562 days ago
Oh right, for some reason I was under the impression that browsers utilize the record too.
link
8organicbits
563 days ago
Correct, which Google is using:
https://www.nslookup.io/domains/google.com/dns-records/caa/
link