Certification Authority Authorization (CAA) Processing for Email Addresses, October 2023
- File formats:
- Also available: XML file for editing
- PROPOSED STANDARD
- C. Bonnell
- lamps (sec)
Discuss this RFC: Send questions or comments to the mailing list firstname.lastname@example.org
The Certification Authority Authorization (CAA) DNS resource record (RR) provides a mechanism for domains to express the allowed set of Certification Authorities that are authorized to issue certificates for the domain. RFC 8659 contains the core CAA specification, where Property Tags that restrict the issuance of certificates that certify domain names are defined. This specification defines a Property Tag that grants authorization to Certification Authorities to issue certificates that contain the key purpose in the extension and at least one value or value of type that includes the domain name in the extension.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.