Bright, Peter (29 de agosto de 2011). «Another fraudulent certificate raises the same old questions about certificate authorities»(html). Ars Technica(en inglés). Archivado desde el original el 10 de febrero de 2018. Consultado el 16 de junio de 2018. «Earlier this year, an Iranian hacker broke into servers belonging to a reseller for certificate authority Comodo and issued himself a range of certificates for sites including Gmail, Hotmail, and Yahoo! Mail. With these certificates, he could eavesdrop on users of those mail providers, even if they use SSL to protect their mail sessions.»
arxiv.org
Ruohonen, Jukka (20 de abril de 2018). «An Empirical Survey on the Early Adoption of DNS Certification Authority Authorization» (en en). arXiv:1804.07604 [cs.CR].
Ristić, Ivan (10 de octubre de 2017). «SSL/TLS and PKI History»(html). Feisty Duck(en inglés). Archivado desde el original el 11 de marzo de 2018. Consultado el 16 de junio de 2018. «January 2001 Fraudulent Microsoft certificates Someone calls VeriSign claiming to be from Microsoft, pays $400, and gets away with two code-signing certificates. The certificates have no special powers, but the owner name is misleading and potentially dangerous.»
«Certificate Authority Authorization (CAA)»(html). Let's encrypt(en inglés). 27 de julio de 2017. Archivado desde el original el 2 de agosto de 2017. Consultado el 17 de junio de 2018. «Some DNS providers that are unfamiliar with CAA initially reply to problem reports with “We do not support CAA records.” Your DNS provider does not need to specifically support CAA records; it only needs to reply with a NOERROR response for unknown query types (including CAA). Returning other opcodes, including NOTIMP, for unrecognized qtypes is a violation of RFC 1035, and needs to be fixed.»
isc.org
Risk, Vicky (29 de agosto de 2014). «Certificate Authority Authorization Records»(HTML). Internet Systems Consortium(en inglés). Archivado desde el original el 23 de agosto de 2017. Consultado el 17 de junio de 2018. «Support for the CAA record was added to BIND with the 9.10.1B release, after Rick Andrews of Symantec approached us at an IETF meeting and asked why we didn’t have it already. Rick is an expert and evangelist for the use of certificates, so we invited Rick to explain why people should use CAA records.»
letsencrypt.org
«Certificate Authority Authorization (CAA)»(html). Let's encrypt(en inglés). 27 de julio de 2017. Archivado desde el original el 2 de agosto de 2017. Consultado el 17 de junio de 2018. «Some DNS providers that are unfamiliar with CAA initially reply to problem reports with “We do not support CAA records.” Your DNS provider does not need to specifically support CAA records; it only needs to reply with a NOERROR response for unknown query types (including CAA). Returning other opcodes, including NOTIMP, for unrecognized qtypes is a violation of RFC 1035, and needs to be fixed.»
measurement-factory.com
dns.measurement-factory.com
Sisson, Geoffrey (30 de noviembre de 2010). «DNS Survey: October 2010»(pdf). The Measurement Factory(en inglés). Archivado desde el original el 14 de agosto de 2016. Consultado el 17 de junio de 2018. «This study, commissioned by Infoblox, undertakes to measure the number of DNS servers on the Internet and to quantify their various DNS behaviors and configuration choices.»
microsoft.com
azure.microsoft.com
Sarma, Subra (16 de noviembre de 2017). «Azure DNS Updates – CAA Record Support and IPv6 Nameservers»(html). Microsoft(en inglés). Archivado desde el original el 24 de noviembre de 2017. Consultado el 17 de junio de 2018. «We are pleased to announce a couple of updates to Azure DNS that have been long awaited by our customers: * Support for Certificate Authority Authorization (CAA) Records * IPv6 Nameservers».
sigcomm.org
ccronline.sigcomm.org
Scheitle, Quirin; Chung, Taejoong; Hiller, Jens; Gasser, Oliver; Naab, Johannes; van Rijswijk-Deij, Roland; Hohlfeld, Oliver; Holz, Ralph; Choffnes, Dave; Alan, Mislove; Carle, Georg (11 de abril de 2018). «A last Look at Certification Authority Authorization (CAA)»(pdf). ACM SIGCOMM Computer Communication Review(en inglés). Consultado el 16 de junio de 2018.
ssllabs.com
«SSL Pulse». SSL Labs. 3 de junio de 2018. Consultado el 16 de junio de 2018.
techrepublic.com
Wolber, Andy (17 de junio de 2018). «How to add a Certificate Authority Authorization record in Google Domains»(html). TechRepublic(en inglés). Archivado desde el original el 29 de nobviembre de 2017. Consultado el 17 de junio de 2018. «As with most security measures, problems may still arise. A security failure at either your certificate provider or your domain name registrar could produce problems. And a sophisticated attacker might still be able to serve false DNS data designed to deceive. Think of a CAA record as a way to apply an additional layer of protection to your organization's online presence. If you've taken the time to obtain a certificate for your site, take the time to create a CAA record, too.»
ttias.be
ma.ttias.be
Mattias, Geniar (8 de abril de 2017). «CAA checking becomes mandatory for SSL/TLS certificates»(html)(en inglés). Archivado desde el original el 9 de abril de 2017. Consultado el 17 de junio de 2018. «The CAA record is a new resource record, next to the usual A, CNAME, MX, TXT, ... records you might already know. The syntax is as follows; CAA <flags> <tag> <value> Which translates to; flag: An unsigned integer between 0-255. tag: An ASCII string that represents the identifier of the property represented by the record. value: The value associated with the tag».
web.archive.org
Ristić, Ivan (10 de octubre de 2017). «SSL/TLS and PKI History»(html). Feisty Duck(en inglés). Archivado desde el original el 11 de marzo de 2018. Consultado el 16 de junio de 2018. «January 2001 Fraudulent Microsoft certificates Someone calls VeriSign claiming to be from Microsoft, pays $400, and gets away with two code-signing certificates. The certificates have no special powers, but the owner name is misleading and potentially dangerous.»
Bright, Peter (29 de agosto de 2011). «Another fraudulent certificate raises the same old questions about certificate authorities»(html). Ars Technica(en inglés). Archivado desde el original el 10 de febrero de 2018. Consultado el 16 de junio de 2018. «Earlier this year, an Iranian hacker broke into servers belonging to a reseller for certificate authority Comodo and issued himself a range of certificates for sites including Gmail, Hotmail, and Yahoo! Mail. With these certificates, he could eavesdrop on users of those mail providers, even if they use SSL to protect their mail sessions.»
Sisson, Geoffrey (30 de noviembre de 2010). «DNS Survey: October 2010»(pdf). The Measurement Factory(en inglés). Archivado desde el original el 14 de agosto de 2016. Consultado el 17 de junio de 2018. «This study, commissioned by Infoblox, undertakes to measure the number of DNS servers on the Internet and to quantify their various DNS behaviors and configuration choices.»
Risk, Vicky (29 de agosto de 2014). «Certificate Authority Authorization Records»(HTML). Internet Systems Consortium(en inglés). Archivado desde el original el 23 de agosto de 2017. Consultado el 17 de junio de 2018. «Support for the CAA record was added to BIND with the 9.10.1B release, after Rick Andrews of Symantec approached us at an IETF meeting and asked why we didn’t have it already. Rick is an expert and evangelist for the use of certificates, so we invited Rick to explain why people should use CAA records.»
Sarma, Subra (16 de noviembre de 2017). «Azure DNS Updates – CAA Record Support and IPv6 Nameservers»(html). Microsoft(en inglés). Archivado desde el original el 24 de noviembre de 2017. Consultado el 17 de junio de 2018. «We are pleased to announce a couple of updates to Azure DNS that have been long awaited by our customers: * Support for Certificate Authority Authorization (CAA) Records * IPv6 Nameservers».
Mattias, Geniar (8 de abril de 2017). «CAA checking becomes mandatory for SSL/TLS certificates»(html)(en inglés). Archivado desde el original el 9 de abril de 2017. Consultado el 17 de junio de 2018. «The CAA record is a new resource record, next to the usual A, CNAME, MX, TXT, ... records you might already know. The syntax is as follows; CAA <flags> <tag> <value> Which translates to; flag: An unsigned integer between 0-255. tag: An ASCII string that represents the identifier of the property represented by the record. value: The value associated with the tag».
«Certificate Authority Authorization (CAA)»(html). Let's encrypt(en inglés). 27 de julio de 2017. Archivado desde el original el 2 de agosto de 2017. Consultado el 17 de junio de 2018. «Some DNS providers that are unfamiliar with CAA initially reply to problem reports with “We do not support CAA records.” Your DNS provider does not need to specifically support CAA records; it only needs to reply with a NOERROR response for unknown query types (including CAA). Returning other opcodes, including NOTIMP, for unrecognized qtypes is a violation of RFC 1035, and needs to be fixed.»
Wolber, Andy (17 de junio de 2018). «How to add a Certificate Authority Authorization record in Google Domains»(html). TechRepublic(en inglés). Archivado desde el original el 29 de nobviembre de 2017. Consultado el 17 de junio de 2018. «As with most security measures, problems may still arise. A security failure at either your certificate provider or your domain name registrar could produce problems. And a sophisticated attacker might still be able to serve false DNS data designed to deceive. Think of a CAA record as a way to apply an additional layer of protection to your organization's online presence. If you've taken the time to obtain a certificate for your site, take the time to create a CAA record, too.»
