[cabfpub] CAA records on google.com
Rob Stradling
rob.stradling at comodo.com
Thu Jun 20 18:55:20 UTC 2013
On 19/06/13 21:10, Adam Langley wrote:
> google.com is now serving two CAA[1] records:
>
> $ dig +short -t TYPE257 google.com
> \# 19 0005697373756573796D616E7465632E636F6D
> \# 23 0009697373756577696C6473796D616E7465632E636F6D
>
> These correspond (I hope) to "issue" and "issuewild" records with a
> value of "symantec.com". We are not aware of any CA that looks for
> these records yet but we believe that, reasonably implemented, CAA is
> a low-cost, modest-benefit technique and this is a public show of
> support.
>
> [1] https://tools.ietf.org/html/rfc6844
Adam, since most certs for <whatever>.google.com seem to be issued by a
Subordinate CA controlled by Google, wouldn't it make sense to add
"issue" and "issuewild" records for "google.com" too?
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
More information about the Public
mailing list