Protocol Action: 'DNS Certification Authority Authorization (CAA) Resource Record' to Proposed Standard (draft-ietf-pkix-caa-15.txt)

The IESG <iesg-secretary@ietf.org> Mon, 26 November 2012 21:36 UTC

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: Protocol Action: 'DNS Certification Authority Authorization (CAA) Resource Record' to Proposed Standard (draft-ietf-pkix-caa-15.txt)
Date: Mon, 26 Nov 2012 13:36:08 -0800
Cc: pkix mailing list <pkix@ietf.org>, pkix chair <pkix-chairs@tools.ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>

The IESG has approved the following document:
- 'DNS Certification Authority Authorization (CAA) Resource Record'
  (draft-ietf-pkix-caa-15.txt) as Proposed Standard

This document is the product of the Public-Key Infrastructure (X.509)
Working Group.

The IESG contact persons are Sean Turner and Stephen Farrell.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-pkix-caa/




Technical Summary

The Certification Authority Authorization (CAA) DNS Resource Record
allows a DNS domain name holder to specify one or more Certification
Authorities authorized to issue certificates for that domain. CAA
resource records allow a public Certification Authority to implement
additional controls to reduce the risk of unintended certificate mis-issue.

Working Group Summary

This document might have been pursued in other WGs, specifically
DNSEXT, since it specifies a new DNS record type. It also might have
been pursued in DANE, but the focus of DANE is sufficiently different
that it is probably not a good fit there. Because the document specifies
a DNS record type, for use with PKI technology, PKIX was a reasonable
choice for the authors. There was some controversy initially, but that
went away over time.

Document Quality

I am not aware of any existing implementations of the protocol, but
both authors work for a company that is represented by a trust anchor in
browsers and operating systems, and thus it is likely that their
organization will support this proposal via an implementation.

Personnel

Steve Kent is the Document Shepherd.
Sean Turner is the Responsible Area Director.