On Tue, Jul 2, 2013 at 10:01 AM, Ralph Holz <h...@net.in.tum.de> wrote: >> DANE: https://tools.ietf.org/html/rfc6698 >> CAA: https://tools.ietf.org/html/rfc6844 >> .... > I wonder whether that would have protected against the Comodo Hacker. It > seems it depends when and from where the CAA checks are run.
it would not. Comodo Hacker used the HSM programmatic interfaces directly to issue certificates, thus bypassing any checks CAA would imply. > ... > It's another reason I like DANE and CT better. fortunately you don't have to pick one; use both ;) -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech