[Servercert-wg] CAA RFC8659 update

Tomas Gustavsson tomas.gustavsson at primekey.com
Wed Nov 20 03:19:39 MST 2019


I just saw that CAA has a new RFC, RFC8659, with updates in particular
to the tree climbing. The CNAME and DNAME processing was if I remember
correctly some of the biggest challenges when implementing RFC6844, and
this is basically gone in RFC8659 (delegated to the CAs resolver to
follow CNAMES etc).

Current BRs specify RFC6844 with specifics around CNAMEs.
I could not find any previous discussion on RFC6844 so wondered if there
has been a discussion on adopting RFC8659?

Adopting this would likely mean implementation changes (while, if CAB
Forum is not adopting the new RFC I see little point in the RFC update
at all).


More information about the Servercert-wg mailing list