On 25/02/2019 07:20, Bill Woodcock wrote:
On Feb 24, 2019, at 7:41 PM, Montgomery, Douglas (Fed) <[email protected]> wrote:
In the 3rd attack noted below, do we know if the CA that issued the DV CERTS
does DNSSEC validation on its DNS challenge queries?
We know that neither Comodo nor Let's Encrypt were DNSSEC validating before
issuing certs. The Let’s Encrypt guys at least seemed interested in learning
from their mistake. Can’t say as much of Comodo.
-Bill
Bill,
Did you have a CAA record defined and if not, why not?
-Hank
