[cabfpub] CAA Test Suite
Andrew Ayer
andrew at sslmate.com
Thu Aug 31 16:46:40 UTC 2017
To help with the correct implementation of CAA, I've put together a CAA
test suite:
https://caatestsuite.com/
It consists of a list of FQDNs for which no CA is allowed to issue.
In addition to testing the basic CAA processing rules described in RFC
6844, it also tests for proper handling of edge cases and DNSSEC
failures.
I encourage all CAs to test their CAA implementation against the FQDNs
in the test suite. If your implementation says you're allowed to issue
for any of the FQDNs, then there may be a bug in your CAA
implementation.
Let me know if you have any issues or questions.
Regards,
Andrew
More information about the Public
mailing list