DNS Certification Authority Authorization (CAA) Resource Record
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org> To: IETF-Announce <email@example.com> Cc: firstname.lastname@example.org, email@example.com, Russ Housley <firstname.lastname@example.org>, email@example.com, firstname.lastname@example.org, The IESG <email@example.com>, firstname.lastname@example.org, email@example.com Subject: Protocol Action: 'DNS Certification Authority Authorization (CAA) Resource Record' to Proposed Standard (draft-ietf-lamps-rfc6844bis-07.txt) The IESG has approved the following document: - 'DNS Certification Authority Authorization (CAA) Resource Record' (draft-ietf-lamps-rfc6844bis-07.txt) as Proposed Standard This document is the product of the Limited Additional Mechanisms for PKIX and SMIME Working Group. The IESG contact persons are Benjamin Kaduk and Roman Danyliw. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc6844bis/
Technical Summary The Certification Authority Authorization (CAA) DNS Resource Record allows a DNS domain name holder to specify one or more Certification Authorities (CAs) authorized to issue certificates for that domain name. CAA Resource Records allow a public Certification Authority to implement additional controls to reduce the risk of unintended certificate mis-issue. This document defines the syntax of the CAA record and rules for processing CAA records by certificate issuers. Working Group Summary There is consensus for this document in the LAMPS WG. Document Quality S/MIME has wide support, and several implementers have said that they will implement this specification. The CA/Browser Forum has been very vocal that they are planning to require CAs to implement it, so that community has reviewed it carefully. Personnel Russ Housley is the document shepherd. Roman Danyliw is the responsible area director.