[cabfpub] CAA records on google.com

Rob Stradling rob.stradling at comodo.com
Thu Jun 20 18:55:20 UTC 2013

On 19/06/13 21:10, Adam Langley wrote:
> google.com is now serving two CAA[1] records:
> $ dig +short -t TYPE257 google.com
> \# 19 0005697373756573796D616E7465632E636F6D
> \# 23 0009697373756577696C6473796D616E7465632E636F6D
> These correspond (I hope) to "issue" and "issuewild" records with a
> value of "symantec.com". We are not aware of any CA that looks for
> these records yet but we believe that, reasonably implemented, CAA is
> a low-cost, modest-benefit technique and this is a public show of
> support.
> [1] https://tools.ietf.org/html/rfc6844

Adam, since most certs for <whatever>.google.com seem to be issued by a 
Subordinate CA controlled by Google, wouldn't it make sense to add 
"issue" and "issuewild" records for "google.com" too?

Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
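
The `dig` output quoted above is RFC 3597 generic RDATA, so the "(I hope)" can be checked by decoding it with the RFC 6844 layout (flags byte, tag-length byte, tag, value). The following is an added example, not part of either message; the names `parse_generic_rdata`, `decode_caa` and `CAARecord` are hypothetical, and the two input lines are the ones quoted in the thread.

```python
import re
from typing import NamedTuple


class CAARecord(NamedTuple):
    critical: bool   # issuer-critical flag (bit 0, value 128, in RFC 6844)
    tag: str
    value: str


def parse_generic_rdata(text: str) -> bytes:
    """Turn RFC 3597 '\\# <length> <hex>' presentation text into RDATA bytes."""
    m = re.fullmatch(r"\\#\s+(\d+)\s+([0-9A-Fa-f\s]+)", text.strip())
    if not m:
        raise ValueError("not RFC 3597 generic RDATA")
    rdata = bytes.fromhex("".join(m.group(2).split()))
    if len(rdata) != int(m.group(1)):
        raise ValueError("declared length does not match hex payload")
    return rdata


def decode_caa(rdata: bytes) -> CAARecord:
    """Decode CAA RDATA: 1 flags byte, 1 tag-length byte, tag, then value."""
    if len(rdata) < 2:
        raise ValueError("CAA RDATA too short")
    flags, tag_len = rdata[0], rdata[1]
    tag = rdata[2:2 + tag_len]
    if tag_len == 0 or len(tag) != tag_len:
        raise ValueError("tag length out of range")
    if not tag.isalnum():
        raise ValueError("tag must be ASCII letters and digits")
    value = rdata[2 + tag_len:].decode("ascii", errors="backslashreplace")
    return CAARecord(bool(flags & 0x80), tag.decode("ascii"), value)


# The two answers quoted in the message above.
DIG_OUTPUT = [
    r"\# 19 0005697373756573796D616E7465632E636F6D",
    r"\# 23 0009697373756577696C6473796D616E7465632E636F6D",
]

if __name__ == "__main__":
    for line in DIG_OUTPUT:
        print(decode_caa(parse_generic_rdata(line)))
```

Both records decode with the critical flag clear, tags "issue" and "issuewild", and the value "symantec.com".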
