CAA Security Tag for Cryptographically-Constrained Domain Validation
draft-ietf-lamps-caa-security-02
| Field | Value |
|---|---|
| Document type | Expired Internet-Draft (lamps WG); Expired & archived |
| Authors | Henry Birge-Lee, Grace Cimaszewski, Cyrill Krähenbühl, Liang Wang, Aaron Gable, Prateek Mittal |
| Last updated | 2025-12-22 (Latest revision 2025-06-20) |
| RFC stream | Internet Engineering Task Force (IETF) |
| Intended RFC status | (None) |
| Additional resources | Mailing list discussion |
| Stream: WG state | WG Document |
| Stream: Document shepherd | (None) |
| IESG: IESG state | Expired |
| IESG: Consensus boilerplate | Unknown |
| IESG: Telechat date | (None) |
| IESG: Responsible AD | (None) |
| IESG: Send notices to | (None) |
This Internet-Draft is no longer active.
Abstract
Cryptographic domain validation procedures leverage authenticated communication channels to ensure resilience against attacks by both on-path and off-path network adversaries that attempt to tamper with communications between the Certification Authority (CA) and the network resources related to the domain contained in the certificate. Domain owners can leverage "security" Property Tags specified in CAA records (defined in [RFC8659]), with the critical flag set, to ensure that CAs perform cryptographically-constrained domain validation during their issuance procedure, hence defending against global man-in-the-middle adversaries. This document defines the syntax of the CAA security Property as well as acceptable means for cryptographically-constrained domain validation procedures.
Authors
Henry Birge-Lee
Grace Cimaszewski
Cyrill Krähenbühl
Liang Wang
Aaron Gable
Prateek Mittal
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)