25 Feb
2019
25 Feb
'19
4:37 a.m.
On Feb 24, 2019, at 22:03, Hank Nussbacher <hank@efes.iucc.ac.il> wrote:
Did you have a CAA record defined and if not, why not?
If the attacker got a CA to issue the cert because they changed the DNS server to be their own, a CAA record wouldn’t have helped (or at least been even easier to thwart than DNSSEC). Ask