[dns-operations] DNSSEC deployment incentives
Tony Finch
dot at dotat.at
Tue Jun 18 10:09:46 UTC 2019
Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
>
> Well, a knowledgeable CSO might be aware the next MiTM victim may
> well be a Certification Authority, say Let's Encrypt.
I've been doing Let's Encrypt stuff recently and it would be a lot safer
if there were a CAA restriction that required DNSSEC-authenticated dns-01
verification and prevented http-01.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Faeroes: Cyclonic 3 or 4, occasionally 5 in east. Slight or moderate. Rain or
showers, fog patches. Moderate or good, occasionally very poor.
More information about the dns-operations
mailing list