Hacker News
by
mukesh610
421 days ago
Even then, use of a DNS CAA record should mitigate this, right?
2 comments
AdamJacobMuller
421 days ago
Maybe?
I wouldn't assume that the bug doesn't bypass CAA checking.
Very important question to answer.
jsheard
421 days ago
Yeah - unless you're an actual SSL.com customer, in which case your CAA records would allow it. That's a much smaller blast radius at least.