Skip to main content

Certification Authority Authorization (CAA) Processing for Email Addresses

Document Type Replaced Internet-Draft (lamps WG)
Expired & archived
Author Corey Bonnell
Last updated 2023-01-25
Replaced by draft-ietf-lamps-caa-issuemail
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Additional resources Mailing list discussion
Stream WG state Candidate for WG Adoption
Document shepherd (None)
IESG IESG state Replaced by draft-ietf-lamps-caa-issuemail
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


The Certification Authority Authorization (CAA) DNS resource record type provides a mechanism for domains to express the allowed set of Certification Authorities that may issue certificates for the domain. The core CAA specification ([RFC8659]) solely defines Property Tags that restrict the issuance of certificates that certify domain names; it does not define a mechanism for domains to restrict the issuance of certificates that include email addresses. This specification defines a Property Tag that grants authorization to Certification Authorities to issue certificates which certify email addresses.


Corey Bonnell

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)