A Deep Dive on the Recent Widespread DNS Hijacking

James Renken jrenken at sandwich.net
Tue Feb 26 21:34:12 UTC 2019

On Feb 25, 2019, at 5:20 AM, Bill Woodcock <woody at pch.net> wrote:
> We know that neither Comodo nor Let's Encrypt were DNSSEC validating before issuing certs.

I’d like to clarify that Let’s Encrypt has always validated DNSSEC, dating to before we issued our first publicly trusted certificate in September 2015.

James Renken (pronouns: he/him)
Internet Security Research Group
Let's Encrypt: A Free, Automated, and Open CA

More information about the NANOG mailing list