[dns-operations] DNSSEC deployment incentives

Tony Finch dot at dotat.at
Tue Jun 18 10:09:46 UTC 2019

Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
> Well, a knowledgeable CSO might be aware the next MiTM victim may
> well be a Certification Authority, say Let's Encrypt.

I've been doing Let's Encrypt stuff recently and it would be a lot safer
if there were a CAA restriction that required DNSSEC-authenticated dns-01
verification and prevented http-01.

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Faeroes: Cyclonic 3 or 4, occasionally 5 in east. Slight or moderate. Rain or
showers, fog patches. Moderate or good, occasionally very poor.

More information about the dns-operations mailing list