Protocol Action: 'CAA Record Extensions for Account URI and ACME Method Binding' to Proposed Standard (draft-ietf-acme-caa-09.txt)
The IESG <iesg-secretary@ietf.org> Thu, 20 June 2019 16:55 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-announce/thMfBM79ymRVw99L0pyxFxoTsNs>
The IESG has approved the following document:
- 'CAA Record Extensions for Account URI and ACME Method Binding'
  (draft-ietf-acme-caa-09.txt) as Proposed Standard

This document is the product of the Automated Certificate Management Environment Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-acme-caa/

Technical Summary

The CAA DNS record allows a domain to communicate issuance policy to CAs, but only allows a domain to define policy with CA-level granularity. However, the CAA specification also provides facilities for extension to admit more granular, CA-specific policy. This specification defines two such parameters, one allowing specific accounts of a CA to be identified by URI and one allowing specific methods of domain control validation as defined by the ACME protocol to be required.

Working Group Summary

Earlier drafts used a hyphen character in the "validationmethods" and "accounturi" parameters that was incompatible with the grammar defined in RFC 6844. This has been addressed in the latest draft by removing the hyphen character.

Early discussion of the draft addressed issues raised by the community with regards to the security considerations section, and the handling of non-ACME challenge methods.

Overall consensus was reached within the WG process without any rough areas and no controversial topics remain unaddressed.

Document Quality

Let's Encrypt, a large high-volume production ACME based CA, has fully implemented the ACME-CAA draft in a testing environment (not yet promoted to production usage). Let's Encrypt has committed to promoting ACME-CAA features to production in the near future.

The overall document quality is high. Developing an implementation based on the specification text is reasonable.

Personnel

The document shepherd is Daniel McCarney. The responsible area director is Roman Danyliw.
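The two parameters described in the Technical Summary, shown as an added example that is not part of the IESG announcement or of the draft: a minimal CA-side check of CAA "issue" values against the requesting account and validation method. The CA domain, account URIs, sample records, function names, and the choice to fail closed on malformed or repeated parameters are assumptions of this example.

```python
import re

# Parameter tags under the RFC 6844 grammar are letters and digits only,
# so a hyphenated tag such as "account-uri" does not parse.
TAG = re.compile(r"[A-Za-z0-9]+")

def parse_issue_value(value):
    """Split a CAA issue value into (issuer_domain, {tag: value})."""
    parts = [p.strip() for p in value.split(";")]
    issuer, params = parts[0].lower(), {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ";"
        tag, sep, val = part.partition("=")
        tag = tag.strip()
        if not sep or not TAG.fullmatch(tag):
            raise ValueError(f"malformed parameter: {part!r}")
        if tag in params:
            raise ValueError(f"repeated parameter: {tag!r}")
        params[tag] = val.strip()
    return issuer, params

def record_authorizes(value, ca_domain, account_uri, method):
    """True if one issue value permits this CA, account and method."""
    try:
        issuer, params = parse_issue_value(value)
    except ValueError:
        return False  # example's choice: unparseable records never authorize
    if issuer != ca_domain:
        return False
    # Tags are compared exactly here (a simplification of this example).
    if "accounturi" in params and params["accounturi"] != account_uri:
        return False
    if "validationmethods" in params:
        if method not in params["validationmethods"].split(","):
            return False
    return True

def may_issue(issue_values, ca_domain, account_uri, method):
    """Issuance is allowed if any issue value in the set authorizes it."""
    return any(record_authorizes(v, ca_domain, account_uri, method)
               for v in issue_values)

# Constructed sample policy for a hypothetical domain and CA.
SAMPLE = ["ca.example.net; accounturi=https://ca.example.net/acct/1234; "
          "validationmethods=dns-01"]
# Same policy written with the hyphenated tag from earlier drafts.
HYPHENATED = ["ca.example.net; account-uri=https://ca.example.net/acct/1234"]
```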