German security researcher Hanno B..ck caught Comodo issuing SSL certificate it was not supposed to issue. CAA (Certificate Authority Authorization) standard became mandatory on September 8. Certificate Authorities such as Comodo have to check a CAA field in DNS records before issuing new SSL certificates. German researcher says he obtained certificate on Saturday, a day after CAA checks became mandatory. Comodo did not respond to a request for comment from Bleeping Computer in time for this article’s publication.
Source: https://www.bleepingcomputer.com/news/security/comodo-caught-breaking-new-caa-standard-one-day-after-it-went-into-effect/