DNS Certification Authority Authorization (CAA) Resource Record
RFC 8659
Approval announcement
Draft of message to be sent after approval:
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: rdd@cert.org, lamps-chairs@ietf.org, Russ Housley <housley@vigilsec.com>, housley@vigilsec.com, spasm@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-lamps-rfc6844bis@ietf.org, rfc-editor@rfc-editor.org
Subject: Protocol Action: 'DNS Certification Authority Authorization (CAA) Resource Record' to Proposed Standard (draft-ietf-lamps-rfc6844bis-07.txt)

The IESG has approved the following document:
- 'DNS Certification Authority Authorization (CAA) Resource Record'
  (draft-ietf-lamps-rfc6844bis-07.txt) as Proposed Standard

This document is the product of the Limited Additional Mechanisms for PKIX and SMIME Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc6844bis/

Technical Summary

The Certification Authority Authorization (CAA) DNS Resource Record allows a DNS domain name holder to specify one or more Certification Authorities (CAs) authorized to issue certificates for that domain name. CAA Resource Records allow a public Certification Authority to implement additional controls to reduce the risk of unintended certificate mis-issue. This document defines the syntax of the CAA record and rules for processing CAA records by certificate issuers.

Working Group Summary

There is consensus for this document in the LAMPS WG.

Document Quality

S/MIME has wide support, and several implementers have said that they will implement this specification. The CA/Browser Forum has been very vocal that they are planning to require CAs to implement it, so that community has reviewed it carefully.

Personnel

Russ Housley is the document shepherd. Roman Danyliw is the responsible area director.