Adrian Moisey

1871 days ago

A new DNS record that Certificate Authorities are now required to check before issuing a certificate, to determine if they're allowed to do so.

CAA checking becomes mandatory for SSL/TLS certificates

ma.ttias.be

This was news to me in a few ways; first, there's a new DNS resource record called CAA (Certificate Authority Authorization) and second, Certificate Authorities are now required to check that record before issuing a certificate, to determine if they're allowed to do so.