On 14/12/2018 21:06, Wayne Thayer via dev-security-policy wrote: <snip> > I think it;s worth calling out that Let's Encrypt has implemented what > appears to be a relatively simple mitigation: > https://community.letsencrypt.org/t/edns-buffer-size-changing-to-512-bytes/77945
Sectigo implemented this same mitigation about a month ago. > I am also interested to know if other CAs are considering this or other > mitigations (e.g. multi-perspective validation) for this attack. Multi-perspective validation is something we've started to think about too. -- Rob Stradling Senior Research & Development Scientist Sectigo Limited _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
