|
|
|
|
|
|
by rjst01
357 days ago
|
|
|
Yes, but once that access is revoked, that is enough to be certain that the attacker can no longer issue certs. With your proposal, I would then have to audit my TXT records and delete only attacker-created records. (Which in general would be a good practise anyway, because many services do use domain validation processes similar to what you propose) |
|
|