Although CAA significantly narrows the scope of issuers, a tag identifying the customer/account where issuance is permitted would significantly reduce spam domain control emails. Despite CAA limiting issuance of a domain to DigiCert, we may still have a dozen entities trying to request the same domain. In fact, I suspect the number of requested bad domains will increase on our side if a CAA record is present. Although we have methods to control spam validation emails, a bad actor could create accounts and annoy customers hoping the domain is inadvertently approved. To limit this, I'd like to create a CAA tag that is customerID. Something like:

    CAA 0 register "customer ID=[ID provided by CA]"

The requirement in the RFC for creating tags is to register the tag with IANA. I thought I'd float the idea here first though. If there's interest, we could combine it with a validation method restriction:

    CAA 0 register "customer ID=[ID provided by CA] validationMethod=[Validation Method OID]"

Jeremy

_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
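
Added example, not part of the original message and not code from DigiCert or the CA/Browser Forum: one way a CA could apply the proposed restriction before it sends any domain control email. The tag name register and the customer ID= / validationMethod= parameters come from the sketch in the message; the parsing rules, the function names, the ca.example domain, the account IDs and the OID value are assumptions constructed for illustration, and issuewild is left out.

```python
import re

# Constructed sample RRset in zone-file form. "register" is the proposed,
# unregistered tag from the message; account ID and OID are made up.
SAMPLE_RRSET = [
    'example.com. CAA 0 issue "ca.example"',
    'example.com. CAA 0 register "customer ID=ACCT-1001 validationMethod=1.2.3.4"',
]

RECORD_RE = re.compile(r'CAA\s+(\d+)\s+([A-Za-z0-9]+)\s+"([^"]*)"')
PARAM_RE = re.compile(r'(customer ID|validationMethod)=(\S+)')


def parse_caa(lines):
    """Return (flags, tag, value) tuples; a malformed record fails closed."""
    records = []
    for line in lines:
        m = RECORD_RE.search(line)
        if m is None:
            raise ValueError(f"unparseable CAA record: {line!r}")
        records.append((int(m.group(1)), m.group(2).lower(), m.group(3)))
    return records


def may_start_validation(lines, ca_domain, account_id, method_oid):
    """Decide whether this CA should begin domain validation for a request.

    Returns (allowed, reason). A False result means no validation email
    is sent to the domain owner at all.
    """
    records = parse_caa(lines)
    # Standard CAA step: if issue records exist, one must name this CA.
    issuers = [v.split(";")[0].strip() for _, t, v in records if t == "issue"]
    if issuers and ca_domain not in issuers:
        return False, "CAA issue does not name this CA"
    # Proposed step: match the requesting account against register records.
    restrictions = [dict(PARAM_RE.findall(v)) for _, t, v in records if t == "register"]
    if not restrictions:
        return True, "no account restriction published"
    for r in restrictions:
        if r.get("customer ID") != account_id:
            continue
        if "validationMethod" in r and r["validationMethod"] != method_oid:
            continue
        return True, "account and method match"
    return False, "requesting account or method not listed"


if __name__ == "__main__":
    for acct in ("ACCT-1001", "ACCT-2002"):
        print(acct, may_start_validation(SAMPLE_RRSET, "ca.example", acct, "1.2.3.4"))
```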
