On Tue 24 Oct 2023 02:06:09 GMT, Andy Smith via BitFolk Users wrote:
DNSSEC+CAA start to seem like very good ideas.
Moreover, DNSSEC+DANE, as they already use Let’s Encrypt, having a CAA
doesn’t prevent them from issuing another cert to another party.
But with the public key in the DNS, then the only way to listen to TLS
traffic would be to extract the private key from the running VM.
--
Alarig
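
The key pinning discussed in the message above, as an added example that is not part of the original post: it derives a DANE-EE `3 1 1` TLSA value (SHA-256 of the certificate's SubjectPublicKeyInfo) with the `openssl` CLI and checks three certificates against it. The host name `example.test`, the file names and the function names are constructed for the illustration, and self-signed certificates stand in for CA-issued ones, since usage 3 compares only the key.

```shell
#!/bin/sh
# Added illustration; example.test and all file/function names are constructed.

# Print the TLSA "3 1 1" association data for a PEM certificate:
# SHA-256 over the DER SubjectPublicKeyInfo (RFC 6698 selector 1, matching type 1).
tlsa_311() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeed only if the certificate in $2 carries the key pinned by record data $1.
dane_ee_match() {
    [ "$(tlsa_311 "$2")" = "$1" ]
}

# Helpers that build throwaway test material (constructed sample input).
new_key() {   # $1 = output key file
    openssl ecparam -name prime256v1 -genkey -noout -out "$1" 2>/dev/null
}
new_cert() {  # $1 = key file, $2 = output certificate
    openssl req -x509 -new -key "$1" -out "$2" \
        -subj "/CN=example.test" -days 1 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    new_key "$d/owner.key"
    new_cert "$d/owner.key" "$d/owner.pem"      # certificate the server presents
    new_cert "$d/owner.key" "$d/renewed.pem"    # renewal that reuses the same key
    new_key "$d/other.key"
    new_cert "$d/other.key" "$d/other.pem"      # same name, somebody else's key

    record=$(tlsa_311 "$d/owner.pem")
    echo "_443._tcp.example.test. IN TLSA 3 1 1 $record"

    dane_ee_match "$record" "$d/owner.pem"   && echo "owner cert:   match"
    dane_ee_match "$record" "$d/renewed.pem" && echo "renewed cert: match"
    dane_ee_match "$record" "$d/other.pem"   || echo "other key:    no match"
    rm -rf "$d"
}

demo
```

A renewal that keeps the key continues to match the published record, while a renewal that rotates the key needs the new TLSA record in DNS before the certificate is deployed.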