Comment by AdamJacobMuller
3 years ago
It's not about proving ownership, if it was about proving ownership we would do this via something at the registrar level.
It's about proving /control/. If a domain name is pointed to me (my IP/CNAME) I control it and it is reasonable to allow that person to issue an SSL certificate for a domain (or subdomain) under their control. If you, as the domain owner, want to restrict that, CAA exists as your tool to do so.
No comments yet
Contribute on Hacker News ↗