
Conversation

@c0nfigurati0n
Contributor

@c0nfigurati0n c0nfigurati0n commented Sep 5, 2022

No description provided.

@c0nfigurati0n
Contributor Author

@nguyenkims

@c0nfigurati0n c0nfigurati0n changed the title Small fix on the security page. Some small fixes on the security page. Sep 5, 2022
[CAA](https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization) is a standard that allows SimpleLogin to restrict which Certificate Authorities (CA) are allowed to issue certificates for our domains. By default, every public CA is allowed to issue certificates for **any** domain name in the public DNS, provided they validate control of that domain name. That means that if there’s a bug in any one of the many public CAs’ validation processes, every domain name is potentially affected. This has happened in the past, affecting [Google](http://arstechnica.com/security/2015/10/still-fuming-over-https-mishap-google-gives-symantec-an-offer-it-cant-refuse/), [Windows Live](https://arstechnica.com/information-technology/2015/03/bogus-ssl-certificate-for-windows-live-could-allow-man-in-the-middle-hacks/) among others.

CAA provides a way for domain holders to reduce that risk. Without CAA, someone could potentially obtain an unauthorized SSL certificate for SimpleLogin domains that could allow man-in-the-middle hacks.
[CAA](https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization) is a standard that allows us to restrict which Certificate Authorities (CA) are allowed to issue certificates for our domains. By default, every public CA is allowed to issue certificates for any domain in the public DNS, provided they validate control of that domain. That means that if there is a bug in any one of the many public CAs’ validation processes, then any and every domain is than potentially affected. This has happened in the past, affecting [Google](http://arstechnica.com/security/2015/10/still-fuming-over-https-mishap-google-gives-symantec-an-offer-it-cant-refuse/), [Windows Live](https://arstechnica.com/information-technology/2015/03/bogus-ssl-certificate-for-windows-live-could-allow-man-in-the-middle-hacks/) among others. CAA provides a way for domain holders to reduce that risk. Without CAA, someone could potentially obtain an unauthorized TLS certificate for our domains that could allow them to do a man-in-the-middle (MITM) attack on our infrastructure. All of our certificates are issued by [Letsencrypt](https://letsencrypt.org). Which is a certificate authority we trust.
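Review bot: the rewritten paragraph carries two wording slips that should be fixed before merge. "then any and every domain is than potentially affected" doubles the conjunction with a typo and should read "then any and every domain is potentially affected"; and "All of our certificates are issued by [Letsencrypt](https://letsencrypt.org). Which is a certificate authority we trust." is a sentence fragment, better as "All of our certificates are issued by [Let's Encrypt](https://letsencrypt.org), a certificate authority we trust." (the CA writes its name as Let's Encrypt). The change also folds the original two paragraphs into one; keeping the break after "among others." separates the background on CA mis-issuance from the sentence on what CAA does for our domains and reads more clearly. Since the new text states that every certificate comes from Let's Encrypt, consider also showing the record the domains publish (a CAA record of `0 issue "letsencrypt.org"` is what restricts issuance to that CA) so readers can verify it with a CAA lookup, and note that CAA is checked by the CA at issuance time, so it reduces mis-issuance by CAs that honor the record rather than stopping a compromised CA that ignores it. Replacing "SSL certificate" with "TLS certificate" is correct and should stay.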
Contributor


Hey any reason why we remove the line break here?

