[pkix] [Technical Errata Reported] RFC6844 (5097)
RFC Errata System <rfc-editor@rfc-editor.org> Fri, 25 August 2017 18:19 UTC
To: philliph@comodo.com, rob.stradling@comodo.com,
Kathleen.Moriarty.ietf@gmail.com, ekr@rtfm.com, kent@bbn.com,
stefan@aaa-sec.com
Cc: agwa@andrewayer.name, pkix@ietf.org, rfc-editor@rfc-editor.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/BlmjECNAZ1IpLX395MDCosidc9A>

The following errata report has been submitted for RFC6844,
"DNS Certification Authority Authorization (CAA) Resource Record".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata/eid5097

--------------------------------------
Type: Technical
Reported by: Andrew Ayer <agwa@andrewayer.name>

Section: 4

Original Text
-------------
Let CAA(X) be the record set returned in response to performing a CAA
record query on the label X, P(X) be the DNS label immediately above X
in the DNS hierarchy, and A(X) be the target of a CNAME or DNAME alias
record specified at the label X.

Corrected Text
--------------
Let CAA(X) be the record set returned in response to performing a CAA
record query on the label X, P(X) be the DNS label immediately above X
in the DNS hierarchy, and A(X) be the target of a CNAME alias
record specified at the label X.

Notes
-----
As currently worded, section 4 tells the CA to look up a DNAME record
specified *at* the label X, and if one is found, look up a CAA record at
the DNAME's target. This is contrary to the behavior of DNAME as
specified in RFC 6672, which is to redirect names subordinate of the
DNAME but not the DNAME itself.

Since DNAMEs cause CNAMEs to be synthesized for subordinate names, there
is no need for implementers of CAA to care about the presence of DNAMEs
at all, so this erratum simply removes any mention of DNAME.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party
can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC6844 (draft-ietf-pkix-caa-15)
--------------------------------------
Title               : DNS Certification Authority Authorization (CAA) Resource Record
Publication Date    : January 2013
Author(s)           : P. Hallam-Baker, R. Stradling
Category            : PROPOSED STANDARD
Source              : Public-Key Infrastructure (X.509)
Area                : Security
Stream              : IETF
Verifying Party     : IESG
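
Added example, not part of the errata report or of RFC 6844: a small Python model of the difference the erratum describes, comparing A(X) as originally worded with the corrected CNAME-only reading. It assumes the record-search order R(X) from RFC 6844 section 4 (own records, then alias target, then parent) and RFC 6672 CNAME synthesis below a DNAME owner; the zone data, CA domains and function names are constructed for illustration.

```python
# Constructed zone data for illustration; names and CA domains are assumptions.
ZONE = {
    "example.com":        {"CAA": ['0 issue "ca-a.example"']},
    "legacy.example.com": {"DNAME": "hosted.example.net"},
    "hosted.example.net": {"CAA": ['0 issue "ca-b.example"']},
}

def caa(x):
    """CAA(X): CAA records published directly at X."""
    return ZONE.get(x, {}).get("CAA", [])

def parent(x):
    """P(X): the name immediately above X, or None at a top-level domain."""
    return x.split(".", 1)[1] if "." in x else None

def cname(x):
    """A(X) after the erratum: an explicit CNAME at X, or the CNAME that
    RFC 6672 synthesizes when a proper ancestor of X owns a DNAME."""
    explicit = ZONE.get(x, {}).get("CNAME")
    if explicit:
        return explicit
    labels = x.split(".")
    for i in range(1, len(labels)):      # proper ancestors only, closest first
        owner = ".".join(labels[i:])
        target = ZONE.get(owner, {}).get("DNAME")
        if target:
            return ".".join(labels[:i] + [target])
    return None

def alias_as_worded(x):
    """A(X) as originally worded: a DNAME at X itself also counts as an alias."""
    return ZONE.get(x, {}).get("DNAME") or cname(x)

def relevant(x, alias=cname, depth=0):
    """R(X): own CAA records, else the alias target's R, else the parent's R."""
    if x is None or depth > 16:          # depth cap bounds alias chains and loops
        return []
    if caa(x):
        return caa(x)
    target = alias(x)
    if target:
        found = relevant(target, alias, depth + 1)
        if found:
            return found
    return relevant(parent(x), alias, depth)
```

For the DNAME owner `legacy.example.com` the two readings select different record sets, while for `www.legacy.example.com` the synthesized CNAME alone leads to the target's records.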