Y
Hacker News
new
|
ask
|
show
|
jobs
by
rot256
74 days ago
For LetsEncrypt, routing
is
authentication: if packets routed to the IP in the A record end up at your place, you can get a cert for that domain.
1 comments
gerdesj
74 days ago
DNSSEC and DNS-01 challenges
might
do the trick at the cost of significant effort, provided LE could be directed to check, similar to the way MTA-STS works.
link
fanf2
74 days ago
Let’s Encrypt has been doing DNSSEC validation for years. DNSSEC could have prevented the jabber.ru MITM attack.
link