Re: Possible DigiCert in-addr.arpa Mis-issuance

Nick Lamb via dev-security-policy Wed, 27 Feb 2019 07:05:13 -0800

On Tue, 26 Feb 2019 17:10:49 -0600
Matthew Hardeman via dev-security-policy
<[email protected]> wrote:


> Is it even proper to have a SAN dnsName in in-addr.arpa ever?

It does feel as though ARPA should consider adding a CAA record to
in-addr.arpa and similar hierarchies that don't want certificates,
denying all CAs, as a defence in depth measure.

Nick.
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

Re: Possible DigiCert in-addr.arpa Mis-issuance

Reply via email to