How can I test in my device checks DNS CAA correctly and rejects TLS certificates that are signed by an unauthorized CA?

I would like to know how I can test if my devices, or browsers1 checks and applies DNS Certification Authority Authorization (CAA) correctly. And if it does not, how I can enable it and enforce CAA to be checked and rejected or at least wa… Continue reading How can I test in my device checks DNS CAA correctly and rejects TLS certificates that are signed by an unauthorized CA?

Someone issued fake CAA records for my domain. What is the most important thing to do to resolve it?

First, I can update this with the affected domain, if it’s critical, but for obvious reasons I’d like not to be the target of more problems.
Someone registered some CAA records for my domain.
I have full control of all related accounts: Re… Continue reading Someone issued fake CAA records for my domain. What is the most important thing to do to resolve it?

[SANS ISC] Quick Status of the CAA DNS Record Adoption

I published the following diary on isc.sans.edu: “Quick Status of the CAA DNS Record Adoption“: In 2017, we already published a guest diary about “CAA” or “Certification Authority Authorization”. I was curious about the status of this technique and the adoption level in 2020. Has it been adopted massively since

The post [SANS ISC] Quick Status of the CAA DNS Record Adoption appeared first on /dev/random.

Continue reading [SANS ISC] Quick Status of the CAA DNS Record Adoption

What Is a CAA Record? Your Guide to Certificate Authority Authorization

Did you know that there’s an easy way to control which CAs can issue certificates for your domain? Here’s everything to know about CAA records for your DNS.
The post What Is a CAA Record? Your Guide to Certificate Authority Authorization a… Continue reading What Is a CAA Record? Your Guide to Certificate Authority Authorization