by cortesoft 426 days ago
So CAA records are supposed to keep a CA from issuing a certificate if the CAA record exists and doesn't have that CA.

However, this is relying on the CA to properly check the record. If the CA has a bug where it isn't validating properly, they could also fail to check the CAA properly. Also, this doesn't help against a malicious or compromised CA.
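
Added example, not part of the comment above: because enforcement depends on the CA, a domain owner can re-run the CAA decision (RFC 8659) over issuances they observe, for instance from Certificate Transparency monitoring. The zone data, CA identifiers (`ca-one.example`, `ca-two.example`) and function names are constructed for illustration.

```python
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

# Constructed sample zone: name -> list of (flags, tag, value) CAA records.
SAMPLE_ZONE = {
    "example.com": [(0, "issue", "ca-one.example; policy=ev"),
                    (0, "issuewild", ";"),
                    (0, "iodef", "mailto:security@example.com")],
    "locked.example.com": [(0, "issue", ";")],
    "odd.example.com": [(128, "futuretag", "x")],
}

def relevant_rrset(name, zone):
    """Climb from the name toward the root; the first non-empty CAA RRset wins."""
    labels = name.lower().rstrip(".").split(".")
    if labels[0] == "*":
        labels = labels[1:]  # a wildcard name is looked up without the "*" label
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def issuer_domain(value):
    """Issuer domain is the text before the first ';' (parameters follow it)."""
    return value.split(";", 1)[0].strip().lower()

def caa_permits(name, ca_domain, zone):
    """True if the CAA records in `zone` allow `ca_domain` to issue for `name`."""
    rrset = relevant_rrset(name, zone)
    if not rrset:
        return True  # no CAA anywhere up the tree: any CA may issue
    # A critical (0x80) property with an unknown tag forbids issuance outright.
    if any(flags & 0x80 and tag.lower() not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False
    tags = [(tag.lower(), value) for _, tag, value in rrset]
    wild = [v for t, v in tags if t == "issuewild"]
    issue = [v for t, v in tags if t == "issue"]
    # issuewild replaces issue for wildcard names only; otherwise it is ignored.
    props = wild if (name.startswith("*.") and wild) else issue
    if not props:
        return True  # e.g. an iodef-only RRset does not restrict issuance
    return any(issuer_domain(v) == ca_domain.lower() for v in props)

def audit(issuances, zone):
    """Return the observed (name, ca_domain) pairs that the CAA policy forbids."""
    return [(n, ca) for n, ca in issuances if not caa_permits(n, ca, zone)]
```

CAA is evaluated at issuance time, so a flagged pair should be compared against the records in effect when the certificate was issued. Mapping a certificate's issuer to its CAA identifier is left to the caller and is an assumption of this sketch.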