Tuesday, November 17, 2020

CAA records work

I was setting up a new domain today and I created a CAA DNS record to only allow letsencrypt to issue certs for my domain. I then made some config changes whereby another CAA received a request to issue a cert for the domain. 

And it failed! That's awesome because that is how CAA records are supposed to work. But in my experience, most of the security bolt-ons we've developed over the years do not work. 

I can't be too happy, though. The onus is on the CAA to check for CAA records. This one did but I can't be sure all of them do, but it's a good start. 

No thanks to Google banking

The new Google Pay app is reported to have peer to peer payments and acts more like a banking app than a payment app. Those who know me know...