| ▲ | mukesh610 2 months ago | |
Even then, use of a DNS CAA record should mitigate this, right? | ||
| ▲ | AdamJacobMuller 2 months ago | parent | next [-] | |
Maybe? I wouldn't assume that the bug doesn't bypass CAA checking. Very important question to answer. | ||
| ▲ | jsheard 2 months ago | parent | prev [-] | |
Yeah - unless you're an actual SSL.com customer, in which case your CAA records would allow it. That's a much smaller blast radius at least. | ||