@jwildeboer@social.wildeboer.net
TIL (Today I learned) about RFC9495 https://datatracker.ietf.org/doc/rfc9495/ that extends RFC8659 by adding a new CAA property in DNS called "issuemail" that defines which CA(s) (Certification Authorities) are allowed to create S/MIME eMail certificates for a domain. And if you don't use S/MIME, you should set it to ";" which means that no CA is allowed to do that.
CAA 0 issuemail ";"
#SMIME #CA #NerdCert
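
How a CA-side check of the "issuemail" property could look, as an added example that is not part of the original post. It also covers the RFC 8659 tree climbing that finds the relevant CAA RRset; the zone data, CA names and function names are constructed for illustration.

```python
import re

# Constructed sample zone data (not real DNS): owner name -> CAA records
# in presentation form "flags tag value".
ZONE = {
    "example.com": ['0 issue "ca1.example.net"', '0 issuemail ";"'],
    "mail.example.org": ['0 issuemail "ca1.example.net; account=1234"',
                         '0 issuemail "ca2.example.net"'],
    "example.org": ['0 issue ";"'],
}

CAA_RE = re.compile(r'^(\d+)\s+([A-Za-z0-9]+)\s+"?(.*?)"?$')


def relevant_rrset(domain, zone):
    """RFC 8659 section 3 tree climbing: the first non-empty CAA RRset wins."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []


def issuemail_allowed(email, ca_domain, zone):
    """True if CAA does not forbid ca_domain from issuing S/MIME for email."""
    domain = email.rsplit("@", 1)[1]
    issuers = []
    for rr in relevant_rrset(domain, zone):
        m = CAA_RE.match(rr.strip())
        if not m:
            raise ValueError(f"malformed CAA record: {rr!r}")
        tag, value = m.group(2).lower(), m.group(3)
        if tag == "issuemail":
            # The issuer domain name is everything before the first ';'.
            # A bare ";" therefore yields an empty name that matches no CA.
            issuers.append(value.split(";", 1)[0].strip().lower())
    if not issuers:
        # No issuemail property at all: S/MIME issuance is unrestricted,
        # even when "issue" records restrict TLS certificates.
        return True
    return ca_domain.lower() in [name for name in issuers if name]
```
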