RFC 8657

Certification Authority Authorization (CAA) Record Extensions for Account URI and Automatic Certificate Management Environment (ACME) Method Binding, November 2019

File formats:

icon for HTML icon for text file icon for v3pdf icon for XML
Status:
PROPOSED STANDARD
Author:
H. Landau
Stream:
IETF
Source:
acme (sec)

Cite this RFC: TXT  |  XML

DOI:  10.17487/RFC8657

Discuss this RFC: Send questions or comments to acme@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

The Certification Authority Authorization (CAA) DNS record allows a domain to communicate an issuance policy to Certification Authorities (CAs) but only allows a domain to define a policy with CA-level granularity. However, the CAA specification (RFC 8659) also provides facilities for an extension to admit a more granular, CA-specific policy. This specification defines two such parameters: one allowing specific accounts of a CA to be identified by URIs and one allowing specific methods of domain control validation as defined by the Automatic Certificate Management Environment (ACME) protocol to be required.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Download PDF Reader