Protocol Action: 'CAA Record Extensions for Account URI and ACME Method Binding' to Proposed Standard (draft-ietf-acme-caa-09.txt)

The IESG <iesg-secretary@ietf.org> Thu, 20 June 2019 16:55 UTC

Return-Path: <iesg-secretary@ietf.org>
X-Original-To: ietf-announce@ietf.org
Delivered-To: ietf-announce@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 9203212010C; Thu, 20 Jun 2019 09:55:37 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
Subject: Protocol Action: 'CAA Record Extensions for Account URI and ACME Method Binding' to Proposed Standard (draft-ietf-acme-caa-09.txt)
X-Test-IDTracker: no
X-IETF-IDTracker: 6.98.0
Auto-Submitted: auto-generated
Precedence: bulk
Cc: rdd@cert.org, The IESG <iesg@ietf.org>, Daniel McCarney <cpu@letsencrypt.org>, acme@ietf.org, cpu@letsencrypt.org, draft-ietf-acme-caa@ietf.org, acme-chairs@ietf.org, rfc-editor@rfc-editor.org
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Message-ID: <156104973759.2906.6496705766706177324.idtracker@ietfa.amsl.com>
Date: Thu, 20 Jun 2019 09:55:37 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-announce/thMfBM79ymRVw99L0pyxFxoTsNs>
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-announce/>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Jun 2019 16:55:38 -0000

The IESG has approved the following document:
- 'CAA Record Extensions for Account URI and ACME Method Binding'
  (draft-ietf-acme-caa-09.txt) as Proposed Standard

This document is the product of the Automated Certificate Management
Environment Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-acme-caa/





Technical Summary

The CAA DNS record allows a domain to communicate issuance policy to
CAs, but only allows a domain to define policy with CA-level
granularity.  However, the CAA specification also provides facilities
for extension to admit more granular, CA-specific policy.  This
specification defines two such parameters, one allowing specific
accounts of a CA to be identified by URI and one allowing specific
methods of domain control validation as defined by the ACME protocol
to be required.

Working Group Summary

Earlier drafts used a hyphen character in the "validationmethods" and
"accounturi" parameters that was incompatible with the grammar defined in RFC
6844. This has been addressed in the latest draft by removing the hyphen
character.

Early discussion of the draft addressed issues raised by the community with
regards to the security considerations section, and the handling of non-ACME
challenge methods. Overall consensus was reached within the WG process without
any rough areas and no controversial topics remain unaddressed.

Document Quality

Let's Encrypt, a large high-volume production ACME based CA, has fully
implemented the ACME-CAA draft in a testing environment (not yet promoted to
production usage). Let's Encrypt has committed to promoting ACME-CAA features
to production in the near future.

The overall document quality is high. Developing an implementation based on the
specification text is reasonable.

Personnel

The document shepard is Daniel McCarney. 

The responsible area director is Roman Danyliw.