Practical HTTPS Interception
TL;DR: An attacker can trick Let's Encrypt (LE) to issue new TLS certificates for any domain that the attacker intercepts traffic for. The attacker can then decrypt the TLS traffic. This one thing that TLS is supposed to prevent from happening. The f...
blog.thc.org8 min read
Xan
A lot of good things to think about.
The idea of the browser checking whether CAA has been violated might need some more fleshing out. A good defense against this whole problem is to have your CAA locked down so that NO certificates can be issued, except when you're doing a renewal. Having the browser break in this scenario wouldn't be good.
There would need to be some way to separately say "a certificate from this issuer is expected" as opposed to "this issuer may issue me a certificate right now".