top | item 46143713 (no title) akovaski | 2 months ago I'm not sure what that would solve. You would still need some central entity to sign the DNS TXT record, to ensure that the HTTPS client does not use a tampered DNS TXT record. discuss order hn newest tzs|2 months ago If someone can tamper with your DNS TXT records now they can get a certificate for your domain. franga2000|2 months ago Not tamper with the record directly, but MitM it on the way to a target. load replies (2) arp242|2 months ago That's already the case with dns-01 verification, no?Besides, if someone has access to your TXT records then chances are they can also change A records, and you've lost already.
tzs|2 months ago If someone can tamper with your DNS TXT records now they can get a certificate for your domain. franga2000|2 months ago Not tamper with the record directly, but MitM it on the way to a target. load replies (2) arp242|2 months ago That's already the case with dns-01 verification, no?Besides, if someone has access to your TXT records then chances are they can also change A records, and you've lost already.
franga2000|2 months ago Not tamper with the record directly, but MitM it on the way to a target. load replies (2)
arp242|2 months ago That's already the case with dns-01 verification, no?Besides, if someone has access to your TXT records then chances are they can also change A records, and you've lost already.
tzs|2 months ago
franga2000|2 months ago
arp242|2 months ago
Besides, if someone has access to your TXT records then chances are they can also change A records, and you've lost already.