by mcpherrinm
482 days ago
In any security setting, it’s usually good to have both controls and detection. CAA records help prevent unexpected issuance, but what if your DNS server is compromised? DNSSEC might help. Certificate Transparency provides a detection mechanism. Also, unlike CAA records, which are enforced only by policy that CAs must respect them, CT is technically enforced by browsers. So they are complementary. A security-sensitive organization should have both.
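The pairing of control and detection described in the comment above, as an added example that is not part of the original comment: it resolves the CAA policy for each name (RFC 8659 tree climbing, with `issuewild` handling) and flags CT-observed certificates whose issuer that policy does not permit. The zone contents, CA names, issuer mapping and CT entries are all constructed placeholders.

```python
# Constructed sample data; all names are illustrative placeholders.
CAA_ZONE = {  # DNS name -> CAA RRset as (tag, value) pairs
    "example.com": [("issue", "goodca.example"), ("issuewild", ";")],
    "dev.example.com": [("issue", "internalca.example")],
}
# Assumed mapping from a certificate's issuer organization to the
# issuer domain name that CA accepts in CAA records.
ISSUER_TO_CAA_DOMAIN = {"Good CA": "goodca.example",
                        "Internal CA": "internalca.example"}
CT_ENTRIES = [  # constructed stand-ins for certificates seen in CT logs
    {"dns_name": "www.example.com", "issuer_org": "Good CA"},
    {"dns_name": "*.example.com", "issuer_org": "Good CA"},
    {"dns_name": "api.dev.example.com", "issuer_org": "Good CA"},
    {"dns_name": "shop.example.com", "issuer_org": "Other CA"},
]

def relevant_caa(name):
    """RFC 8659 tree climbing: CAA RRset of the closest ancestor that has one."""
    labels = name.split(".")
    for i in range(len(labels)):
        rrset = CAA_ZONE.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def allowed_issuers(name):
    """Set of permitted issuer domains, or None when CAA imposes no restriction."""
    wildcard = name.startswith("*.")
    rrset = relevant_caa(name[2:] if wildcard else name)
    issue = [v for tag, v in rrset if tag == "issue"]
    issuewild = [v for tag, v in rrset if tag == "issuewild"]
    props = issuewild if (wildcard and issuewild) else issue
    if not props:
        return None
    # The issuer domain precedes any ";" parameters; a bare ";" permits no CA.
    return {v.split(";")[0].strip() for v in props} - {""}

def unexpected_issuance(entries):
    """CT entries whose issuer is not permitted by the current CAA policy."""
    findings = []
    for e in entries:
        allowed = allowed_issuers(e["dns_name"])
        ca_domain = ISSUER_TO_CAA_DOMAIN.get(e["issuer_org"])
        if allowed is not None and ca_domain not in allowed:
            findings.append((e["dns_name"], e["issuer_org"]))
    return findings

if __name__ == "__main__":
    for name, issuer in unexpected_issuance(CT_ENTRIES):
        print(f"review: {name} issued by {issuer}")
```

CAA is evaluated by the CA at issuance time, so a finding here is a prompt to review the certificate, not proof of mis-issuance: the records may have changed since the certificate was issued.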