RFC Errata

Errata Search

Source of RFC  
Summary Table Full Records

RFC 6844, "DNS Certification Authority Authorization (CAA) Resource Record", January 2013

Note: This RFC has been obsoleted by RFC 8659

Source of RFC: pkix (sec)

Errata ID: 4515
Status: Rejected
Type: Technical
Publication Format(s) : TEXT

Reported By: Tom Clegg
Date Reported: 2015-10-29
Rejected by: Kathleen Moriarty
Date Rejected: 2017-08-22

Section 4 says:

   o  If A(X) is not null, and R(A(X)) is not empty, then R(X) =
      R(A(X)), otherwise

It should say:

   o  If A(X) is not null, and CAA(A(X)) is not empty, then R(X) =
      CAA(A(X)), otherwise


R is the algorithm being described here, so R(A(X)) means a recursive search on the CNAME target, including its parents. However, the example that follows, Parent(Alias(x.y.z)) is not part of the search. Either the algorithm is incorrectly specified, or the example is incomplete.

While this change is correct, it has already been accepted with HFDU in errata 5065.
Errata 5065 was accepted first and covers this error.

Report New Errata

Advanced Search