DNS Certification Authority Authorization Resource Record
RFC 6844, “DNS Certification Authority Authorization Resource Record”, is a Proposed Standard document published in January 2013 by P. Hallam-Baker, R. Stradling. It has been obsoleted by RFC 8659 — refer to the newer document for the authoritative version. The canonical text is published by the RFC Editor.
Abstract
The Certification Authority Authorization (CAA) DNS Resource Record allows a DNS domain name holder to specify one or more Certification Authorities (CAs) authorized to issue certificates for that domain. CAA Resource Records allow a public Certification Authority to implement additional controls to reduce the risk of unintended certificate mis-issue. This document defines the syntax of the CAA record and rules for processing CAA records by certificate issuers. [STANDARDS-TRACK]
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 6844 is hosted at rfc-editor.org. Available in TXT,HTML.
- RFC 6843 RTP Control Protocol Extended Report Block for Delay Metric Reporting
- RFC 6845 OSPF Hybrid Broadcast and Point-to-Multipoint Interface Type
- RFC 6842 Client Identifier Option in DHCP Server Replies
- RFC 6846 RObust Header Compression : A Profile for TCP/IP
- RFC 6841 A Framework for DNSSEC Policies and DNSSEC Practice Statements
- RFC 6847 Fibre Channel over Ethernet over Transparent Interconnection of Lots of Links
- RFC 6840 Clarifications and Implementation Notes for DNS Security
- RFC 6848 Specifying Civic Address Extensions in the Presence Information Data Format Location Object