[cabfpub] CAA Customer Identifier

Jeremy Rowley jeremy.rowley at digicert.com
Mon May 15 18:45:43 UTC 2017

Although CAA significantly narrows the scope of issuers, a tag identifying
the customer/account where issuance permitted would significantly reduce
spam domain control emails. Despite CAA limiting issuance of a domain to
DigiCert, we may still have a dozen entities trying to request the same
domain. In fact, I suspect the number of requested bad domains will increase
on our side if a CAA record is present. Although we have methods to control
spam validation emails, a bad actor could create accounts and annoy
customers hoping the domain is inadvertently approved. To limit this, I'd
like to create a CAA tag that is customerID. Something like: 


CAA 0 register "customer ID=[ID provided by CA]"


The requirement in the RFC for creating tags is to register the tag with
IANA. I thought I'd float the idea here first though. If there's interest,
we could combine it with a validation method restriction


CAA 0 register "customer ID=[ID provided by CA] validationMethod=[Validation
Method OID]"





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170515/070f537b/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4964 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170515/070f537b/attachment.p7s>

More information about the Public mailing list