File formats:

Also available: XML file for editing

 

Status:

PROPOSED STANDARD

Author:

C. Bonnell

Stream:

IETF

Source:

lamps (sec)

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  https://doi.org/10.17487/RFC9495

Discuss this RFC: Send questions or comments to the mailing list spasm@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 9495

Abstract

The Certification Authority Authorization (CAA) DNS resource record (RR) provides a mechanism for domains to express the allowed set of Certification Authorities that are authorized to issue certificates for the domain. RFC 8659 contains the core CAA specification, where Property Tags that restrict the issuance of certificates that certify domain names are defined. This specification defines a Property Tag that grants authorization to Certification Authorities to issue certificates that contain the key purpose in the extension and at least one value or value of type that includes the domain name in the extension.

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.