|
|
|
|
|
|
by londons_explore
424 days ago
|
|
|
> No, because the CAA record only has to be in place at the time of issuance, rather than the whole lifetime of the certificate. could we change this? Ie. if the CAA record disappears, it would be a reason to revoke a certificate? Then 3rd parties could scan transparency logs and CAA records and flag discrepancies. |
|
|
Personally I think this is another good argument for short lived certificates and reducing reliance on revocation systems.