← Back to context Comment by baby_souffle 14 days ago That just proves you have a way to manipulate DNS.Doesn’t prove you own the thing the IP routes to. 2 comments baby_souffle Reply mixdup 14 days ago I mean that applies to DNS authentication for non-IP certificates, too baby_souffle 7 days ago > I mean that applies to DNS authentication for non-IP certificates, tooRight, but "show me you own foo.com" is a pretty reasonable bar to clear for issuing a certificate with a CN of "foo.com".Show me you own `1.1.1.1` by manipulating the DNS for "foo.com" is ... not quite the same.
mixdup 14 days ago I mean that applies to DNS authentication for non-IP certificates, too baby_souffle 7 days ago > I mean that applies to DNS authentication for non-IP certificates, tooRight, but "show me you own foo.com" is a pretty reasonable bar to clear for issuing a certificate with a CN of "foo.com".Show me you own `1.1.1.1` by manipulating the DNS for "foo.com" is ... not quite the same.
baby_souffle 7 days ago > I mean that applies to DNS authentication for non-IP certificates, tooRight, but "show me you own foo.com" is a pretty reasonable bar to clear for issuing a certificate with a CN of "foo.com".Show me you own `1.1.1.1` by manipulating the DNS for "foo.com" is ... not quite the same.
I mean that applies to DNS authentication for non-IP certificates, too
> I mean that applies to DNS authentication for non-IP certificates, too
Right, but "show me you own foo.com" is a pretty reasonable bar to clear for issuing a certificate with a CN of "foo.com".
Show me you own `1.1.1.1` by manipulating the DNS for "foo.com" is ... not quite the same.