Certification Authority Authorization (CAA) Processing for Email Addresses
draft-ietf-lamps-caa-issuemail-07

• Status
• IESG evaluation record
• IESG writeups
• Email expansions
• History

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-lamps-caa-issuemail@ietf.org, housley@vigilsec.com, lamps-chairs@ietf.org, rdd@cert.org, rfc-editor@rfc-editor.org, spasm@ietf.org
Subject: Protocol Action: 'Certification Authority Authorization (CAA) Processing for Email Addresses' to Proposed Standard (draft-ietf-lamps-caa-issuemail-07.txt)

The IESG has approved the following document:
- 'Certification Authority Authorization (CAA) Processing for Email
   Addresses'
  (draft-ietf-lamps-caa-issuemail-07.txt) as Proposed Standard

This document is the product of the Limited Additional Mechanisms for PKIX
and SMIME Working Group.

The IESG contact persons are Paul Wouters and Roman Danyliw.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-caa-issuemail/

Ballot Text

Technical Summary

   The Certification Authority Authorization (CAA) DNS resource record
   (RR) provides a mechanism for domains to express the allowed set of
   Certification Authorities (CAs) that are authorized to issue
   certificates for the domain.  RFC 8659 contains the core CAA
   specification, where Property Tags that restrict the issuance of
   certificates which certify domain names are defined.  This
   specification defines a Property Tag that grants authorization to CAs
   to issue certificates which contain the id-kp-emailProtection key
   purpose in the extendedKeyUsage extension and one or more rfc822Name
   or otherName of type id-on-SmtpUTF8Mailbox that include the domain
   name in the subjectAltName extension.

Working Group Summary

   There was little controversy, and suggested improvements were readily
   accepted by the author.

   Individuals that participate in the CA/Browser Forum have followed the
   development of this specification carefully.

Document Quality

   Several Certification Authorities have expressed interest in implementing
   this specification.  The CA/Browser Forum will likely require support for
   this specification in their S/MIME Certificate Baseline Requirements.

Personnel

   The Document Shepherd for this document is Russ Housley. The Responsible
   Area Director is Roman Danyliw.

RFC Editor Note