RFC 8657
Certification Authority Authorization (CAA) Record Extensions for Account URI and Automatic Certificate Management Environment (ACME) Method Binding, November 2019
- Status: PROPOSED STANDARD
- Author: H. Landau
- Stream: IETF
- Source: acme (sec)
DOI: https://doi.org/10.17487/RFC8657
Discuss this RFC: Send questions or comments to the mailing list acme@ietf.org
Abstract
The Certification Authority Authorization (CAA) DNS record allows a domain to communicate an issuance policy to Certification Authorities (CAs) but only allows a domain to define a policy with CA-level granularity. However, the CAA specification (RFC 8659) also provides facilities for an extension to admit a more granular, CA-specific policy. This specification defines two such parameters: one allowing specific accounts of a CA to be identified by URIs and one allowing specific methods of domain control validation as defined by the Automatic Certificate Management Environment (ACME) protocol to be required.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.