[pkix] [Errata Held for Document Update] RFC6844 (5244)

RFC Errata System <rfc-editor@rfc-editor.org> Fri, 30 November 2018 19:42 UTC

The following errata report has been held for document update 
for RFC6844, "DNS Certification Authority Authorization (CAA) Resource Record". 

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata/eid5244

--------------------------------------
Status: Held for Document Update
Type: Technical

Reported by: Corey Bonnell <cbonnell@trustwave.com>
Date Reported: 2018-01-26
Held by: EKR (IESG)

Section: 5.2

Original Text
-------------
CAA authorizations are additive; thus, the result of specifying both
the empty issuer and a specified issuer is the same as specifying
just the specified issuer alone.

Corrected Text
--------------
CAA authorizations are additive; thus, the result of specifying both
the empty issuer and a specified issuer is the same as specifying
just the specified issuer alone.  A non-empty CAA record set that does
not contain an issue property tag is authorization to any certificate
issuer to issue for the corresponding domain, provided that no
records in the CAA record set otherwise prohibit issuance.

Notes
-----
The current wording in the RFC does not clearly state how non-empty CAA record sets which do not contain any "issue" property tags should be handled in terms of whether or not such record sets authorize issuance. The additional wording clarifies the correct handling of this case.

--------------------------------------
RFC6844 (draft-ietf-pkix-caa-15)
--------------------------------------
Title               : DNS Certification Authority Authorization (CAA) Resource Record
Publication Date    : January 2013
Author(s)           : P. Hallam-Baker, R. Stradling
Category            : PROPOSED STANDARD
Source              : Public-Key Infrastructure (X.509)
Area                : Security
Stream              : IETF
Verifying Party     : IESG
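
The handling clarified by the corrected text, sketched as a CA-side check for a non-wildcard request. This is an added example, not code from the erratum, the RFC, or any CA; the names `CAA`, `may_issue`, `issuer_domain`, the sample domains and the tag `futuretag` are hypothetical, and it assumes the relevant record set has already been located and that an unrecognized property with the critical flag set is what "otherwise prohibits issuance".

```python
from __future__ import annotations
from typing import NamedTuple

KNOWN_TAGS = {"issue", "issuewild", "iodef"}  # property tags defined by RFC 6844
CRITICAL = 0x80                               # issuer-critical flag bit

class CAA(NamedTuple):
    flags: int
    tag: str
    value: str

def issuer_domain(value: str) -> str:
    """Issuer domain of an issue value; '' for the empty issuer (";")."""
    return value.split(";", 1)[0].strip().rstrip(".").lower()

def may_issue(rrset: list[CAA], ca_domain: str) -> tuple[bool, str]:
    """Evaluate a non-wildcard request against the relevant CAA record set."""
    if not rrset:
        return True, "no CAA records"
    for rr in rrset:
        # A critical property the CA does not understand prohibits issuance.
        if rr.flags & CRITICAL and rr.tag.lower() not in KNOWN_TAGS:
            return False, f"unrecognized critical property {rr.tag!r}"
    # issuewild is ignored for non-wildcard names; tag matching is case-insensitive.
    issuers = [issuer_domain(rr.value) for rr in rrset if rr.tag.lower() == "issue"]
    if not issuers:
        # Case clarified by erratum 5244: non-empty set, no issue property.
        return True, "no issue property in record set"
    if ca_domain.rstrip(".").lower() in issuers:
        return True, "issuer listed in an issue property"
    return False, "issue properties present, issuer not listed"

# Constructed record sets (placeholder domains, not taken from the page).
SAMPLES = {
    "iodef only": [CAA(0, "iodef", "mailto:security@example.com")],
    "issuewild only": [CAA(0, "issuewild", ";")],
    "empty + named issuer": [CAA(0, "issue", ";"), CAA(0, "issue", "ca.example")],
    "empty issuer only": [CAA(0, "issue", ";")],
    "critical unknown": [CAA(0, "iodef", "mailto:security@example.com"),
                         CAA(128, "futuretag", "x")],
}

if __name__ == "__main__":
    for name, rrset in SAMPLES.items():
        for ca in ("ca.example", "other-ca.example"):
            print(f"{name:22} {ca:18} {may_issue(rrset, ca)}")
```
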