when suggesting CAA records for a domain, suggest variants that bind to the account id and with validation methods used by mox

should prevent potential mitm attacks, especially when done close to the
machine itself (where an http/tls challenge is intercepted to get a valid
certificate), as seen on the internet last month.
Mechiel Lukkien
2023-12-21 15:16:30 +01:00
parent ca97293cb2
commit db3fef4981
11 changed files with 123 additions and 28 deletions


@ -319,6 +319,10 @@ See implementation guide, https://jmap.io/server.html
8555 Automatic Certificate Management Environment (ACME)
8737 Automated Certificate Management Environment (ACME) TLS Application-Layer Protocol Negotiation (ALPN) Challenge Extension
# CAA
8657 Certification Authority Authorization (CAA) Record Extensions for Account URI and Automatic Certificate Management Environment (ACME) Method Binding
8659 DNS Certification Authority Authorization (CAA) Resource Record
# DNS
1034 DOMAIN NAMES - CONCEPTS AND FACILITIES
1035 DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION
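Review bot: Missing documentation for the new "# CAA" entries (8657, 8659): nothing visible here records the operational consequence of the account and validation-method binding that the commit message describes. Once CAA records carrying the RFC 8657 accounturi and validationmethods parameters are published, a CA that honours them will refuse issuance if the ACME account is replaced or if a challenge type outside the listed methods is used. Suggest stating, wherever the suggested records are printed for the admin, that the CAA records must be updated before the ACME account or challenge type changes, and that the binding only has effect with a CA that implements RFC 8657.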