Misconfiguration Certificate Authority Authorization Rule

Example:

https://dns.google/query?name=google.com&rr_type=257&ecs=

https://caatest.co.uk/google.com

Certificate Authority Authorization (supported by LetsEncrypt and other CAs) allows a domain owner to specify which Certificate Authorities should be allowed to issue certificates for the domain. All CAA-compliant certificate authorities should refuse to issue a certificate unless they are the CA of record for the target site. This helps reduce the threat of a bad guy tricking a Certificate Authority into issuing a phony certificate for your site. The CAA rule is stored as a DNS resource record of type 257.

当然，正常人不认为这是安全漏洞。

posted @ 2022-01-11 14:40 唐小风阅读(75) 评论(0) 编辑收藏举报

刷新页面返回顶部

txf's Blog

Misconfiguration Certificate Authority Authorization Rule

公告