Remix.run Logo
mukesh610 2 months ago

Even then, use of a DNS CAA record should mitigate this, right?

AdamJacobMuller 2 months ago | parent | next [-]

Maybe?

I wouldn't assume that the bug doesn't bypass CAA checking.

Very important question to answer.

jsheard 2 months ago | parent | prev [-]

Yeah - unless you're an actual SSL.com customer, in which case your CAA records would allow it. That's a much smaller blast radius at least.