{"draft":"draft-ietf-lamps-caa-issuemail-07","doc_id":"RFC9495","title":"Certification Authority Authorization (CAA) Processing for Email Addresses","authors":["C. Bonnell"],"format":["HTML","TEXT","PDF","XML"],"page_count":"8","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Limited Additional Mechanisms for PKIX and SMIME","abstract":"The Certification Authority Authorization (CAA) DNS resource record\r\n(RR) provides a mechanism for domains to express the allowed set of\r\nCertification Authorities that are authorized to issue certificates\r\nfor the domain. RFC 8659 contains the core CAA specification, where\r\nProperty Tags that restrict the issuance of certificates that certify\r\ndomain names are defined. This specification defines a Property Tag\r\nthat grants authorization to Certification Authorities to issue\r\ncertificates that contain the  key purpose in the  extension and at\r\nleast one  value or value of type  that includes the domain name in\r\nthe  extension.","pub_date":"October 2023","keywords":["caa","certification authority authorization","email address"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC9495","errata_url":null}