DRAFT Release: Don't share outside Mastodon yet. Please comment and review :>

https://hashnode.com/preview/6704fd37275ab42a417af94a

[Draft] Practical HTTPS Interception

20 years of SSL/TLS Interception - A disclosure

@thc This is solved with ACME-CAA (#RFC8657), not that people use ACME-CAA, but it is actually fairly easy to set up: https://norrebro.space/@n/111355026651084793
Søborg (@n@norrebro.space)

Keep leaving dangling DNS records pointing towards DO/Linode? Worried about potential BGP hijacking? Concerned about running a Russian Jabber and the possibility of law enforcement interference? Well, we've got a solution for you! Introducing: ACME-CAA (#RFC8657) 🚀 If you're only using Let's Encrypt as CA and Caddy's automatic cert management, you can easily protect against these scenarios. I've written a small guide here: https://søb.org/ACME-CAA/

@n Thank you for your feedback. Thank you for the RFC-8657 note. I have not read it yet but I assume it has the same problem as RFC-8555 - it shifts the liability to the admin to use it. It's totally voluntary and no end-user can tell (by browser locks or so) that it is being used.
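
For reference, the check that the ACME-CAA parameters mentioned in this thread ask a CA to perform before issuing, as an added example that is not part of any post above or of the linked guide. It evaluates CAA `issue` values (RFC 8659) with the RFC 8657 `accounturi` and `validationmethods` parameters; the account URIs and records are constructed, and DNS tree climbing and `issuewild` are left out.

```python
# Added example: CAA "issue" evaluation with RFC 8657 parameters.
# Account numbers and records below are constructed sample values.
ACCT = "https://acme-v02.api.letsencrypt.org/acme/acct/"
OWNER, OTHER = ACCT + "1001", ACCT + "2002"
BOUND = ["letsencrypt.org; accounturi=" + OWNER + "; validationmethods=dns-01"]
UNBOUND = ["letsencrypt.org"]

def parse_issue(value):
    """Split 'ca.example; k=v; k2=v2' into (issuer_domain, {params})."""
    domain, _, rest = value.partition(";")
    params = {}
    for part in rest.split(";"):
        if part.strip():
            tag, sep, val = part.partition("=")
            if not sep:
                raise ValueError(f"malformed parameter: {part!r}")
            # Tags are case-insensitive; values (URIs) are compared exactly.
            params[tag.strip().lower()] = val.strip()
    return domain.strip().lower(), params

def may_issue(issue_values, ca_domain, account_uri, method):
    """True if at least one record authorises this CA, account and method."""
    if not issue_values:      # no issue records at all: issuance is unrestricted
        return True
    for value in issue_values:
        try:
            domain, params = parse_issue(value)
        except ValueError:
            continue          # a malformed record authorises nobody
        if domain != ca_domain:
            continue          # also covers the "deny all" value ";"
        if "accounturi" in params and params["accounturi"] != account_uri:
            continue          # request comes from a different ACME account
        if "validationmethods" in params:
            allowed = {m.strip() for m in params["validationmethods"].split(",")}
            if method not in allowed:
                continue      # e.g. http-01 attempted where only dns-01 is allowed
        return True
    return False

if __name__ == "__main__":
    for label, recs in (("bound", BOUND), ("unbound", UNBOUND)):
        for acct in (OWNER, OTHER):
            for method in ("dns-01", "http-01"):
                verdict = may_issue(recs, "letsencrypt.org", acct, method)
                print(label, acct.rsplit("/", 1)[1], method, verdict)
```

With the bound record, a request from any other ACME account, or one validated over `http-01`, is refused even if the requester controls where the name currently resolves; with the plain record both are accepted.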