DNS Certification Authority Authorization (CAA) Resource Record, January 2013
- Canonical URL:
- File formats:
- PROPOSED STANDARD
- P. Hallam-Baker
- pkix (sec)
Discuss this RFC: Send questions or comments to firstname.lastname@example.org
The Certification Authority Authorization (CAA) DNS Resource Record allows a DNS domain name holder to specify one or more Certification Authorities (CAs) authorized to issue certificates for that domain. CAA Resource Records allow a public Certification Authority to implement additional controls to reduce the risk of unintended certificate mis-issue. This document defines the syntax of the CAA record and rules for processing CAA records by certificate issuers. [STANDARDS-TRACK]
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 4844.