The IESG has approved the following document:
- 'Certification Authority Authorization (CAA) Processing for Email Addresses'
  (draft-ietf-lamps-caa-issuemail-07.txt) as Proposed Standard

This document is the product of the Limited Additional Mechanisms for PKIX and SMIME Working Group.

The IESG contact persons are Paul Wouters and Roman Danyliw.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-caa-issuemail/

Technical Summary

The Certification Authority Authorization (CAA) DNS resource record (RR) provides a mechanism for domains to express the allowed set of Certification Authorities (CAs) that are authorized to issue certificates for the domain. RFC 8659 contains the core CAA specification, where Property Tags that restrict the issuance of certificates which certify domain names are defined. This specification defines a Property Tag that grants authorization to CAs to issue certificates which contain the id-kp-emailProtection key purpose in the extendedKeyUsage extension and one or more rfc822Name or otherName of type id-on-SmtpUTF8Mailbox that include the domain name in the subjectAltName extension.

Working Group Summary

There was little controversy, and suggested improvements were readily accepted by the author. Individuals that participate in the CA/Browser Forum have followed the development of this specification carefully.

Document Quality

Several Certification Authorities have expressed interest in implementing this specification. The CA/Browser Forum will likely require support for this specification in their S/MIME Certificate Baseline Requirements.

Personnel

The Document Shepherd for this document is Russ Housley. The Responsible Area Director is Roman Danyliw.
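
The check a CA would make under the Property Tag described in the Technical Summary, as an added example that is not part of the announcement or the draft's own text. It assumes the tag is named "issuemail" (as in the draft's name), that it follows the RFC 8659 "issue" value syntax and tree climbing, and that a relevant RRset with no "issuemail" property places no restriction on email certificates; the zone data and CA domain names are constructed.

```python
# Added example: evaluate CAA "issuemail" authorization over a constructed zone.
# No DNS queries are made; ZONE maps a domain to its CAA RRset as
# (flags, tag, value) tuples. All names and parameters below are constructed.
ZONE = {
    "example.com": [(0, "issue", "ca1.example.net"),
                    (0, "issuemail", "smime-ca.example.net; param=value")],
    "nomail.example.org": [(0, "issuemail", ";")],   # empty issuer domain
    "example.org": [(0, "issue", "ca1.example.net")],  # no issuemail property
}

def relevant_rrset(domain, zone):
    """RFC 8659 section 3 climb: first non-empty CAA RRset toward the root."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def issuer_domain(value):
    """Issuer domain name is the text before any ';' parameters; may be empty."""
    return value.split(";", 1)[0].strip().lower()

def may_issue_email_cert(email, ca_domain, zone=ZONE):
    """True if ca_domain is authorized for a certificate naming this mailbox."""
    domain = email.rsplit("@", 1)[1]
    values = [v for _, tag, v in relevant_rrset(domain, zone)
              if tag.lower() == "issuemail"]
    if not values:
        # Assumption: without an issuemail property the CA is not restricted.
        # "issue" properties govern domain-name certificates, not email ones.
        return True
    # Authorizations are additive; an empty issuer domain authorizes no CA.
    allowed = {issuer_domain(v) for v in values} - {""}
    return ca_domain.lower() in allowed
```
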
