RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 6844, "DNS Certification Authority Authorization (CAA) Resource Record", January 2013

Source of RFC: pkix (sec)

Errata ID: 5097

Status: Reported
Type: Technical

Reported By: Andrew Ayer
Date Reported: 2017-08-25

Section 4 says:

Let CAA(X) be the record set returned in response to performing a CAA
record query on the label X, P(X) be the DNS label immediately above
X in the DNS hierarchy, and A(X) be the target of a CNAME or DNAME
alias record specified at the label X.

It should say:

Let CAA(X) be the record set returned in response to performing a CAA
record query on the label X, P(X) be the DNS label immediately above
X in the DNS hierarchy, and A(X) be the target of a CNAME
alias record specified at the label X.

Notes:

As currently worded, section 4 tells the CA to look up a DNAME record specified *at* the label X, and if one is found, look up a CAA record at the DNAME's target. This is contrary to the behavior of DNAME as specified in RFC 6672, which is to redirect names subordinate of the DNAME but not the DNAME itself.

Since DNAMEs cause CNAMEs to be synthesized for subordinate names, there is no need for implementers of CAA to care about the presence of DNAMEs at all, so this erratum simply removes any mention of DNAME.

Report New Errata