RFC 6844, "DNS Certification Authority Authorization (CAA) Resource Record", January 2013
Note: This RFC has been obsoleted by RFC 8659
Source of RFC: pkix (sec)
Errata ID: 4061
Publication Format(s): TEXT
Reported By: Evan Hunt
Date Reported: 2014-07-24
Rejected by: Kathleen Moriarty
Date Rejected: 2014-09-03
Section 5.1 says:
Tag values SHOULD NOT contain any other characters.
It should say:
Tag values MUST NOT contain any other characters.
Since the text representation of the tag field is unquoted, spaces and other whitespace must be explicitly excluded. Otherwise, it is possible to create a CAA record whose text representation cannot be parsed.
This really gets down to MUST/SHOULD theology and whether you consider
the zone file syntax at the same level of conformance as DNS protocol.
The author believes SHOULD is correct here. The protocol on the wire will work
just fine if someone breaks this advice.
Yes, it might well break some zone file parsers. But those aren't on
the wire and that type of incompatibility is exactly what I would
expect from violating a SHOULD.
Code has to work if someone creates a RR with a non-conformant label,
therefore a MUST does not save any work. And the only circumstance in
which the editor can imagine someone using it would be where they wanted a
label that could not be inserted through normal zone files.
Phil Hallam-Baker certainly doesn't want people writing parsers to strip out records
with non-conformant labels. So, stick with SHOULD.
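
The following is an added example, not part of the erratum or of RFC 6844: it parses wire-format CAA RDATA (flags octet, tag-length octet, tag, value) without rejecting odd tags, shows how an unquoted tag containing a space makes the text form ambiguous, and falls back to the RFC 3597 generic `\#` form instead of dropping the record. The function names and sample records are constructed for illustration.

```python
import string

# Characters RFC 6844 section 5.1 allows in a tag: ASCII letters and digits.
TAG_CHARS = frozenset((string.ascii_letters + string.digits).encode("ascii"))

def parse_caa_rdata(rdata: bytes):
    """Split wire-format CAA RDATA into (flags, tag, value); any tag bytes are accepted."""
    if len(rdata) < 2:
        raise ValueError("CAA RDATA shorter than flags + tag length")
    flags, tag_len = rdata[0], rdata[1]
    if tag_len == 0 or len(rdata) < 2 + tag_len:
        raise ValueError("tag length is zero or runs past the RDATA")
    return flags, rdata[2:2 + tag_len], rdata[2 + tag_len:]

def tag_is_conformant(tag: bytes) -> bool:
    return all(b in TAG_CHARS for b in tag)

def quote_value(value: bytes) -> str:
    """Render the value as a quoted zone-file character-string."""
    out = []
    for b in value:
        if b in b'"\\':
            out.append("\\" + chr(b))
        elif 0x20 <= b <= 0x7E:
            out.append(chr(b))
        else:
            out.append("\\%03d" % b)
    return '"' + "".join(out) + '"'

def naive_text(rdata: bytes) -> str:
    """Unquoted-tag rendering with no check: the form the report says cannot be parsed."""
    flags, tag, value = parse_caa_rdata(rdata)
    return "%d %s %s" % (flags, tag.decode("latin-1"), quote_value(value))

def safe_text(rdata: bytes) -> str:
    """Use the CAA text form only for conformant tags, else the RFC 3597 generic form."""
    flags, tag, value = parse_caa_rdata(rdata)
    if tag_is_conformant(tag):
        return "%d %s %s" % (flags, tag.decode("ascii"), quote_value(value))
    return "\\# %d %s" % (len(rdata), rdata.hex())

# Constructed sample records (not from the erratum).
GOOD = bytes([0, 5]) + b"issue" + b"ca.example.net"
ODD = bytes([0, 6]) + b"iss ue" + b"ca.example.net"  # tag contains a space
```

Splitting `naive_text(ODD)` on whitespace yields the tag `iss`, not the six-octet tag that is on the wire, while `safe_text(ODD)` round-trips exactly.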