Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
mukesh610
on April 19, 2025
|
parent
|
context
|
favorite
| on:
Ssl.com: DCV bypass and issue fake certificates fo...
Even then, use of a DNS CAA record should mitigate this, right?
AdamJacobMuller
on April 19, 2025
|
next
[–]
Maybe?
I wouldn't assume that the bug doesn't bypass CAA checking.
Very important question to answer.
jsheard
on April 19, 2025
|
prev
[–]
Yeah - unless you're an actual SSL.com customer, in which case your CAA records would allow it. That's a much smaller blast radius at least.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
