Tuesday, November 17, 2020

CAA records work

I was setting up a new domain today and I created a CAA DNS record to only allow letsencrypt to issue certs for my domain. I then made some config changes whereby another CAA received a request to issue a cert for the domain. 

And it failed! That's awesome because that is how CAA records are supposed to work. But in my experience, most of the security bolt-ons we've developed over the years do not work. 

I can't be too happy, though. The onus is on the CAA to check for CAA records. This one did but I can't be sure all of them do, but it's a good start. 
at

No thanks to Google banking

The new Google Pay app is reported to have peer to peer payments and acts more like a banking app than a payment app. Those who know me know...

  • It's Dvorak keyboard time
     I've been interested in switching to the Dvorak keyboard layout for some time. Today, I was looking through my phone's keyboard set...
  • Space elevators FTW!
    I'm reading the book "Soonish" which is an explanation why we don't have all the neat future stuff we were supposed to hav...
  • No thanks to Google banking
    The new Google Pay app is reported to have peer to peer payments and acts more like a banking app than a payment app. Those who know me know...