On Sun, Oct 16, 2016 at 03:51:27AM +0100, Hugo Landau wrote: > I've updated my ACME-CAA draft to add the 'acme-methods' parameter: > > http://hlandau.github.io/draft-landau-acme-caa/
Security considerations might mention that not all methods are equally secure under DNSSEC (I didn't see this mentioned): E.g. HTTP-01 can be falsely passed by hijacking connections to the addresses obtained from the DNS, and DNSSEC can't protect against this, while the same kind of attack won't work against DNS-01 (since all data comes from DNS, and thus DNSSEC can verify it). -Ilari _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
