RFC Errata
RFC 6844, "DNS Certification Authority Authorization (CAA) Resource Record", January 2013
Note: This RFC has been obsoleted by RFC 8659
Source of RFC: pkix (sec)
Errata ID: 4515
Status: Rejected
Type: Technical
Publication Format(s) : TEXT
Reported By: Tom Clegg
Date Reported: 2015-10-29
Rejected by: Kathleen Moriarty
Date Rejected: 2017-08-22
Section 4 says:
o If A(X) is not null, and R(A(X)) is not empty, then R(X) = R(A(X)), otherwise
It should say:
o If A(X) is not null, and CAA(A(X)) is not empty, then R(X) = CAA(A(X)), otherwise
Notes:
R is the algorithm being described here, so R(A(X)) means a recursive search on the CNAME target, including its parents. However, the example that follows, Parent(Alias(x.y.z)) is not part of the search. Either the algorithm is incorrectly specified, or the example is incomplete.
While this change is correct, it has already been accepted with HFDU in errata 5065.
--VERIFIER NOTES--
Errata 5065 was accepted first and covers this error.