[pkix] [Errata Rejected] RFC6844 (4922)
RFC Errata System <rfc-editor@rfc-editor.org> Fri, 03 February 2017 15:50 UTC
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E144B129C36; Fri, 3 Feb 2017 07:50:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.4
X-Spam-Level:
X-Spam-Status: No, score=-7.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-3.199, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sN70geLc_TQX; Fri, 3 Feb 2017 07:50:53 -0800 (PST)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C34E2129BE6; Fri, 3 Feb 2017 07:50:53 -0800 (PST)
Received: by rfc-editor.org (Postfix, from userid 30) id B40ADB81905; Fri, 3 Feb 2017 07:50:53 -0800 (PST)
To: Attila.Bruncsak@itu.int, philliph@comodo.com, rob.stradling@comodo.com
X-PHP-Originating-Script: 30:errata_mail_lib.php
From: RFC Errata System <rfc-editor@rfc-editor.org>
Message-Id: <20170203155053.B40ADB81905@rfc-editor.org>
Date: Fri, 03 Feb 2017 07:50:53 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/UC1iWnRxwRGHZYqJd5D7Ca0j2_I>
Cc: text/plain@rfc-editor.org, charset=UTF-8@rfc-editor.org, rfc-editor@rfc-editor.orgContent-Type, iesg@ietf.org, pkix@ietf.org
Subject: [pkix] [Errata Rejected] RFC6844 (4922)
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Feb 2017 15:50:55 -0000
The following errata report has been rejected for RFC6844, "DNS Certification Authority Authorization (CAA) Resource Record". -------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata_search.php?rfc=6844&eid=4922 -------------------------------------- Status: Rejected Type: Technical Reported by: Attila Bruncsák <Attila.Bruncsak@itu.int> Date Reported: 2017-02-03 Rejected by: Stephen Farrell (IESG) Section: 4 Original Text ------------- The search for a CAA record climbs the DNS name tree from the specified label up to but not including the DNS root '.'. Corrected Text -------------- The search for a CAA record must not climb the DNS name tree from the specified label up. Notes ----- Obviously it does not make any sense to climb up. If there would be CAA record published for the "com" TLD, than it would make what relation to the CAA of the "example.com" domain? From an other viewpoint: all CAs are going to check the "com" TLD for CAA record if a given organization has no CAA record published in its own domain? Another, more practical example: "example.com" needs a certificate for his top domain (https://example.com/), so it decides to publish the CAA record to enforce the security. Doing this it may unknowingly affect the renewal of the certificate for the wellhidden.hr.example.com where the hr.example.com domain is under different administrative authority than example.com domain itself. --VERIFIER NOTES-- This would be a change and hence is not an erratum -------------------------------------- RFC6844 (draft-ietf-pkix-caa-15) -------------------------------------- Title : DNS Certification Authority Authorization (CAA) Resource Record Publication Date : January 2013 Author(s) : P. Hallam-Baker, R. Stradling Category : PROPOSED STANDARD Source : Public-Key Infrastructure (X.509) Area : Security Stream : IETF Verifying Party : IESG
- [pkix] [Errata Rejected] RFC6844 (4922) RFC Errata System