On Tuesday, September 19, 2017 at 10:37:20 AM UTC-5, Gervase Markham wrote: > On 19/09/17 14:58, Nick Lamb wrote: > > An attacker only has to _prefer_ one particular CA for any reason, > <snip> > > Yep, fair. > > Gerv
Quite true. In the example scenario that I have just posted, such preference might well take the form of "Particular CA X is preferred as they don't perform DNSSEC validation of their CAA queries." _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
