The Latest in IT Security

DNS record will help prevent unauthorized SSL certificates

12
Apr
2017
DNS record will help prevent unauthorized SSL certificates

dns-record-will-help-prevent-unauthorized-ssl-certificates

In a few months, publicly trusted certificate authorities will have to start honoring a special Domain Name System (DNS) record that allows domain owners to specify who is allowed to issue SSL certificates for their domains.

The Certification Authority Authorization (CAA) DNS record became a standard in 2013 but didn’t have much of a real-world impact because certificate authorities (CAs) were under no obligation to conform to them.

The record allows a domain owner to list the CAs that are allowed to issue SSL/TLS certificates for that domain. The reason for this is to limit cases of unauthorized certificate issuance, which can be accidental or intentional, if a CA is compromised or has a rogue employee.

Read More

Leave a reply


Categories

FRIDAY, APRIL 28, 2017

Featured

Archives

Latest Comments

Social Networks