[cabfpub] CAA records for S/MIME certificates?

Gervase Markham gerv at mozilla.org
Mon Dec 18 13:21:01 UTC 2017


On 18/12/17 13:18, Cristian Garabet via Public wrote:
> According to BR 3.2.2.8. CAA Records the CA " MUST check for CAA
> records and follow the processing instructions found, for each
> dNSName in the subjectAltName extension of the certificate to be
> issued, as specified in RFC 6844 as amended by Errata 5065 (Appendix
> A)".  Does the CAA records requirement also apply to  S/MIME
> certificates? Or is it planned to?

S/MIME certificates use rfc822Name, not dnsName, so no, it doesn't.

Gerv



More information about the Public mailing list