rjst01 | 8 months ago

Yes, but once that access is revoked, that is enough to be certain that the attacker can no longer issue certs. With your proposal, I would then have to audit my TXT records and delete only attacker-created records.

(Which in general would be a good practice anyway, because many services do use domain validation processes similar to what you propose.)
