Questions tagged [caa]
A Certification Authority Authorization (CAA) record is a DNS record that limits which Certificate Authorities may issue certificates for the domain in question.
6 questions
0 votes, 1 answer, 145 views
How can I test if my device checks DNS CAA correctly and rejects TLS certificates that are signed by an unauthorized CA?
I would like to know how I can test if my devices or browsers check and apply DNS Certification Authority Authorization (CAA) correctly. And if it does not, how I can enable it and enforce CAA to ...
0 votes, 1 answer, 273 views
Someone issued fake CAA records for my domain. What is the most important thing to do to resolve it?
First, I can update this with the affected domain, if it's critical, but for obvious reasons I'd like not to be the target of more problems.
Someone registered some CAA records for my domain.
I have ...
1 vote, 1 answer, 543 views
Are problems expected when a subdomain CNAME target has no CAA record?
Consider the following DNS setup of example.com:
A 89.41.169.49 # this is for redirect.pizza
CAA 0 issue "letsencrypt.org"
www CNAME ghs....
3 votes, 1 answer, 1k views
What is the purpose of the critical flag being enabled (128) on a CAA IODEF record?
CAA, or Certificate Authority Authorization, provides a way to designate which CAs are allowed to create a certificate for specific domains. This is accomplished by publishing new CAA DNS records,...
1 vote, 0 answers, 396 views
Detecting a web-based MITM attack?
I've been looking into ways to detect a Man-in-the-Middle attack when the client has been "duped" into trusting a third-party CA. Examples of this are anti-virus applications and corporate ...
2 votes, 1 answer, 468 views
Does a CAA record on a local hostname in a LAN offer additional security?
A CAA DNS record limits the certificate authorities that may issue a certificate for a domain and its subdomains. Do CAA records make sense in a LAN environment? Assume internal hostnames such as ldap....