{"draft":"draft-ietf-lamps-rfc6844bis-07","doc_id":"RFC8659","title":"DNS Certification Authority Authorization (CAA) Resource Record","authors":["P. Hallam-Baker","R. Stradling","J. Hoffman-Andrews"],"format":["HTML","TEXT","PDF","XML"],"page_count":"17","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Limited Additional Mechanisms for PKIX and SMIME","abstract":"The Certification Authority Authorization (CAA) DNS Resource Record\r\nallows a DNS domain name holder to specify one or more Certification\r\nAuthorities (CAs) authorized to issue certificates for that domain\r\nname. CAA Resource Records allow a public CA to implement additional\r\ncontrols to reduce the risk of unintended certificate mis-issue. \r\nThis document defines the syntax of the CAA record and rules for\r\nprocessing CAA records by CAs.\r\n\r\nThis document obsoletes RFC 6844.","pub_date":"November 2019","keywords":["certificate","ca","pki","issue","issuance","wildcard"],"obsoletes":["RFC6844"],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC8659","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc8659"}