DNS Certification Authority Authorization Resource Record
RFC 8659, “DNS Certification Authority Authorization Resource Record”, is a Proposed Standard document published in November 2019 by P. Hallam-Baker, R. Stradling, and J. Hoffman-Andrews. It obsoletes RFC 6844. The canonical text is published by the RFC Editor.
Abstract
The Certification Authority Authorization (CAA) DNS Resource Record allows a DNS domain name holder to specify one or more Certification Authorities (CAs) authorized to issue certificates for that domain name. CAA Resource Records allow a public CA to implement additional controls to reduce the risk of unintended certificate mis-issue. This document defines the syntax of the CAA record and rules for processing CAA records by CAs.
This document obsoletes RFC 6844.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 8659 is hosted at rfc-editor.org. It is available in HTML, TXT, PDF, and XML.
- RFC 8658 RADIUS Attributes for Softwire Mechanisms Based on Address plus Port
- RFC 8660 Segment Routing with the MPLS Data Plane
- RFC 8657 Certification Authority Authorization Record Extensions for Account URI and Automatic Certificate Management Environment Method Binding
- RFC 8661 Segment Routing MPLS Interworking with LDP
- RFC 8662 Entropy Label for Source Packet Routing in Networking Tunnels
- RFC 8655 Deterministic Networking Architecture
- RFC 8663 MPLS Segment Routing over IP
- RFC 8654 Extended Message Support for BGP