Technical Summary
The Certification Authority Authorization (CAA) DNS Resource Record
allows a DNS domain name holder to specify one or more Certification
Authorities (CAs) authorized to issue certificates for that domain
name. CAA Resource Records allow a public Certification Authority to
implement additional controls to reduce the risk of unintended
certificate mis-issue. This document defines the syntax of the CAA
record and rules for processing CAA records by certificate issuers.
Working Group Summary
There is consensus for this document in the LAMPS WG.
Document Quality
S/MIME has wide support, and several implementers have said that
they will implement this specification. The CA/Browser Forum
has been very vocal that they are planning to require CAs to
implement it, so that community has reviewed it carefully.
Personnel
Russ Housley is the document shepherd.
Roman Danyliw is the responsible area director.