Tuesday, November 17, 2020

CAA records work

I was setting up a new domain today and I created a CAA DNS record to only allow letsencrypt to issue certs for my domain. I then made some config changes whereby another CAA received a request to issue a cert for the domain. 

And it failed! That's awesome because that is how CAA records are supposed to work. But in my experience, most of the security bolt-ons we've developed over the years do not work. 

I can't be too happy, though. The onus is on the CAA to check for CAA records. This one did but I can't be sure all of them do, but it's a good start. 
at

Right to Repair finally gets a win.

"Big Ag is a particularly odious repair troll, and John Deere is its standard-bearer. The company has been trying to felonize farmers&#...

  • Alternative way to write PHP $_POST data
    I had a situation recently where I could not write the $_POST array to a file. During debug, I learned that the $_POST data was being saved ...
  • It's Dvorak keyboard time
     I've been interested in switching to the Dvorak keyboard layout for some time. Today, I was looking through my phone's keyboard set...
  • Space elevators FTW!
    I'm reading the book "Soonish" which is an explanation why we don't have all the neat future stuff we were supposed to hav...