Tuesday, November 17, 2020

CAA records work

I was setting up a new domain today and I created a CAA DNS record to only allow letsencrypt to issue certs for my domain. I then made some config changes whereby another CAA received a request to issue a cert for the domain. 

And it failed! That's awesome because that is how CAA records are supposed to work. But in my experience, most of the security bolt-ons we've developed over the years do not work. 

I can't be too happy, though. The onus is on the CAA to check for CAA records. This one did but I can't be sure all of them do, but it's a good start. 

Right to Repair finally gets a win.

"Big Ag is a particularly odious repair troll, and John Deere is its standard-bearer. The company has been trying to felonize farmers&#...