Collaborate Disseminate
I would like to know how I can test if my devices, or browsers1 checks and applies DNS Certification Authority Authorization (CAA) correctly. And if it does not, how I can enable it and enforce CAA to be checked and rejected or at least wa… Continue reading How can I test in my device checks DNS CAA correctly and rejects TLS certificates that are signed by an unauthorized CA?
First, I can update this with the affected domain, if it’s critical, but for obvious reasons I’d like not to be the target of more problems.
Someone registered some CAA records for my domain.
I have full control of all related accounts: Re… Continue reading Someone issued fake CAA records for my domain. What is the most important thing to do to resolve it?
Consider the following DNS setup of example.com:
A 89.41.169.49 # this is for redirect.pizza
CAA 0 issue "letsencrypt.org"
www CNAME ghs.googlehosted.com
If I have understood correctly… Continue reading Are problems expected when a subdomain CNAME target has no CAA record?
CAA, or Certificate Authority Authorization, provides a way to designate which CAs are allowed to create a Certificate for specific domains. This is done accomplished by publishing new caa DNS records, with three directives: issue issuewi… Continue reading What is the purpose of the critical flag being enabled (128) on a CAA IODEF record?
I published the following diary on isc.sans.edu: “Quick Status of the CAA DNS Record Adoption“: In 2017, we already published a guest diary about “CAA” or “Certification Authority Authorization”. I was curious about the status of this technique and the adoption level in 2020. Has it been adopted massively since
The post [SANS ISC] Quick Status of the CAA DNS Record Adoption appeared first on /dev/random.
Continue reading [SANS ISC] Quick Status of the CAA DNS Record Adoption
Did you know that there’s an easy way to control which CAs can issue certificates for your domain? Here’s everything to know about CAA records for your DNS.
The post What Is a CAA Record? Your Guide to Certificate Authority Authorization a… Continue reading What Is a CAA Record? Your Guide to Certificate Authority Authorization
I’ve been looking into ways to detect a Man In the Middle attack, when the client has "duped" into trusting third party CA. Examples of this are, anti-virus applications and corporate firewalls who are now installing their own c… Continue reading Detecting a web based MITM attack?
On Wednesday millions of Transport Layer Security certificates will be revoked because of a Certificate Authority Authorization bug. Continue reading Let’s Encrypt to Revoke Millions of TLS Certs
A CAA DNS record limits the certificate authorities that may issue a certificate for a domain and its subdomains. Do CAA records make sense in a LAN environment? Assume internal hostnames such as ldap.emea.contoso.local, with… Continue reading Does a CAA record on a local hostname in a LAN offer additional security?
Three tiny Scottish airports have been given the go-ahead to ‘streamline’ security checks. Is that a good thing? Continue reading Easing of security checks at remote Scottish airports ‘a risk’