Reply to post: Re: Ignorance of certificate technology

Story of the creds-leaking Exchange Autodiscover flaw – the one Microsoft wouldn't fix even after 5 years

Anonymous Coward
Anonymous Coward

Re: Ignorance of certificate technology

Mail clients will generally check that a certificate is valid to the extent that it is issued by a trusted issuer and in date. That doesn't stop you using a valid cert for dodgy purposes though. If you put a Lets Encrypt cert somewhere (as was done in this case) then the client will accept it without throwing a warning/error.

CAA records now exist so you can declare which CAs are able to issue certs for your domain using DNS. Haven't seen them used much yet though and I am not sure if mail clients check them.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022