DNS Certification Authority Authorization (CAA) Resource Record
RFC 8659

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: rdd@cert.org, lamps-chairs@ietf.org, Russ Housley <housley@vigilsec.com>, housley@vigilsec.com, spasm@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-lamps-rfc6844bis@ietf.org, rfc-editor@rfc-editor.org
Subject: Protocol Action: 'DNS Certification Authority Authorization (CAA) Resource Record' to Proposed Standard (draft-ietf-lamps-rfc6844bis-07.txt)

The IESG has approved the following document:
- 'DNS Certification Authority Authorization (CAA) Resource Record'
  (draft-ietf-lamps-rfc6844bis-07.txt) as Proposed Standard

This document is the product of the Limited Additional Mechanisms for PKIX
and SMIME Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:

Technical Summary

   The Certification Authority Authorization (CAA) DNS Resource Record
   allows a DNS domain name holder to specify one or more Certification
   Authorities (CAs) authorized to issue certificates for that domain
   name.  CAA Resource Records allow a public Certification Authority to
   implement additional controls to reduce the risk of unintended
   certificate mis-issue.  This document defines the syntax of the CAA
   record and rules for processing CAA records by certificate issuers.

Working Group Summary

    There is consensus for this document in the LAMPS WG.

Document Quality

    S/MIME has wide support, and several implementers have said that
    they will implement this specification.  The CA/Browser Forum
    has been very vocal that they are planning to require CAs to
    implement it, so that community has reviewed it carefully.


    Russ Housley is the document shepherd.
    Roman Danyliw is the responsible area director.