[lamps] CAA processing for email addresses

Corey Bonnell <Corey.Bonnell@digicert.com> Wed, 30 November 2022 17:17 UTC

From: Corey Bonnell <Corey.Bonnell@digicert.com>
To: LAMPS WG <spasm@ietf.org>
Thread-Topic: CAA processing for email addresses
Thread-Index: AdkE3JItxNBB7kz6RsOpvMkCMg4ICA==
Date: Wed, 30 Nov 2022 17:17:42 +0000
Message-ID: <DM6PR14MB2186A5E0A82D87085564B90D92159@DM6PR14MB2186.namprd14.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: Mh4iwinea8gu360AY2ds6WVI6OHcK5ookFL0526jdryPIooy/mMjwm2Qo6+phfokt+a0WvTKvJKEjhGuJ5vE8yn4B11gkDIpm1tIYY7ZhWsUXon1BO+iJQ6VsvuK9lzCN/BO4CtLwTaeK9Z9x0RlP04m8Ss3SENk0rkIxWAMUiQgI75rrt5alfjRRAXUG3dStaidA/yp1G/PzhWpjMhZX+EE4eq8tj4Ve+Fc3nu7PTW3zEWQfKcAQE8wzvKV1InE18i5lxs4WPqS8CJaQ4/0/Mc5OYuq7UNWqDy7EmyxNUy4rkvsK4OqGgViBY8wcLhD4k+tHnBouDjpz7E7KHqlP8IBhp/9kUIEy/LKFx43wPnkmqB8Gzg0C5FUOTlsYu1Z4JajcyhigZz9oj0ubDNexkqwbLTAMNZUh8qOSUzgCXYZFhX9JU0f5Lrh7RADU7O4JqHb9/z72o/7CAEAs6VAugm86hKjY1K40rEFlyvWzB40cOahgHpg3QUcpN3BfqYcN9orpBuxx0FZO4piU+MCstJTyPD8CiqtVsEAOvZLyzNE5Izhsv9rNjn5pklC1eKqLkQURxx+HRv6D+RmYliOO8Gg+uJmHMi91dM0j3XdE3GpkSi3jvvOYL2XG5GLw1qeieg8/aoaHWDfDYwsfrvxAjuO5YrjzUp6Op2gEhG/1sKWGkCbdbNdMfDkTcFr8Zz221G8etpxOI/4F9oYSjLV1Vj5r31/3u9vIqSo+3rW2JLauGpZlmJct0PRTj+N/+daQIrJyhVRKN8zuP4VpNz5RdrBoPTtlXteiRFqpAIU5IbARAzMJqVGKSHP5sl9JTr5jWfNysGB0vNaAz8jjLaIS3Fr0n2r6Wd5cfkhDnGQ8O52cgo1d76P9bPUu96sV85EzlDW0KoAn/mA9Vnv7uTSfBtlZ91dKjxv1Gstg2ITlOxyPXgn2xwETapVGpDSc9esPCIlUahl2VSjRltFiy/bftZvToHZnfRLhAyI+4gNGxAQhZPj2hQNTo2HFN+GDaRPddiYqQ4qGc3VCPQEBfOiengVGHYfNTJH5MjPOkGI8boSiyN898JpHkmCaW/0qr8S/pIcys0i2OqatpBx6HT5AZ3xXH/WZOsLWIUjcR8BpNnMGZaHDP+Vc/XgtpTCEnTO6cC/F0H2ctDZeIfcTITUp6g16LHjWGVpoE9ZdDrjFz5HamLVI2UtjnjFDJsmyztJDtGwkCXgrPGagn8kyNyNAzZ0llkH8jbrj7uTnrsZGkwUdc+1c5p77nVXnLx7G55G6Qad7EwHgA+A2w6JQFsNW1NpndYbYaiWE6OvViWeArv02X64DvPMWPQCOkh2w4Kbki5XxjUdq5MBBVEcUsoqjzK6LYxqxmnofvrUZ2tvfEKi3N1ihc198qzgVYAn4Wh4pNqY2LLA4C5KQ4QNc5/+A5PdN95K4OF3BE+jeDSsHuf6mVYYlbzhWX7aXy5o3MmAndvx2oIFS46o0Bg4MoI7qPye8jUq7JM5W9AQHX8cVG+uousBCEMfYflWY3Sd5hkjvPdxSgmmYgJjhqTJkPHsQP4VClBFcrpkUSoitfGRqlZnnFfsnOG2vPeGz+j5Rofas6KKLcJSiwiGABUsynv7fA==
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="2.16.840.1.101.3.4.2.1"; boundary="----=_NextPart_000_022E_01D904B5.BE6BFC80"
MIME-Version: 1.0
X-OriginatorOrg: digicert.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR14MB2186.namprd14.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 34e640e1-ec19-42e6-db8e-08dad2f6ca7c
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Nov 2022 17:17:42.6689 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf813fa1-bde5-4e75-9479-f6aaa8b1f284
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: /956LE1g8jfNfmORgNHq1CnhI24W8ZZSK5+2L4haLrvLz21ZTUTe8s6LIvGQ3JgNIDEEGT1dA6nPsDCSwNfGA3HUQeWMqUZObJgbyXT1iH8=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR14MB4349
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/chcrIZEit6HcdGyFGNzyiL7Dg6k>
Subject: [lamps] CAA processing for email addresses
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Nov 2022 17:17:51 -0000

Hello,

Over the past several years, there have been discussions [1][2][3] on
extending CAA such that it can be used for domains to express restrictions
on the issuance of certificates for email addresses (e.g., S/MIME
certificates, etc.). With the recent passage of the initial version of the
CA/Browser Forum S/MIME Baseline Requirements, there is a renewed interest
in mandating that publicly trusted CAs process CAA records prior to the
issuance of S/MIME certificates in an upcoming version of the requirements.
In order to provide a full specification for CAA processing for email
addresses, I drafted an I-D for a new CAA property tag:
https://www.ietf.org/archive/id/draft-bonnell-caa-issuemail-00.html. I am
hopeful that such a specification can be reviewed here such that any update
to the S/MIME Baseline Requirements that mandates CAA processing can
directly reference the specification.

 

Given that CAA is a topic that is firmly within the scope of this WG, I
wanted to circulate the draft here and would appreciate feedback and
comments.

 

Thanks,

Corey

 

[1] https://groups.google.com/g/mozilla.dev.security.policy/c/NIc2Nwa9Msg

[2] https://github.com/mozilla/pkipolicy/issues/135

[3]
https://lists.cabforum.org/pipermail/smcwg-public/2020-October/000040.html

Attachment: smime.p7s

Re: [lamps] CAA processing for email addresses Russ Housley
[lamps] CAA processing for email addresses Corey Bonnell
Re: [lamps] CAA processing for email addresses Seo Suchan
Re: [lamps] CAA processing for email addresses Corey Bonnell
Re: [lamps] CAA processing for email addresses Stephen Farrell
Re: [lamps] CAA processing for email addresses Stephen Farrell
Re: [lamps] [EXTERNAL] Re: CAA processing for ema… Mike Ounsworth
Re: [lamps] [EXTERNAL] Re: CAA processing for ema… Stephen Farrell
Re: [lamps] [EXTERNAL] Re: CAA processing for ema… Mike Ounsworth
Re: [lamps] [EXTERNAL] Re: CAA processing for ema… Corey Bonnell
Re: [lamps] [EXTERNAL] Re: CAA processing for ema… Mike Ounsworth
Re: [lamps] [EXTERNAL] Re: CAA processing for ema… Phillip Hallam-Baker
Re: [lamps] [EXTERNAL] Re: CAA processing for ema… Stephen Farrell
Re: [lamps] [EXTERNAL] Re: CAA processing for ema… Phillip Hallam-Baker
Re: [lamps] [EXTERNAL] Re: CAA processing for ema… Antonios Chariton
Re: [lamps] [EXTERNAL] Re: CAA processing for ema… Phillip Hallam-Baker
Re: [lamps] [EXTERNAL] Re: CAA processing for ema… Mike Ounsworth
Re: [lamps] [EXTERNAL] Re: CAA processing for ema… Mike Ounsworth
Re: [lamps] [EXTERNAL] Re: CAA processing for ema… Corey Bonnell
Re: [lamps] [EXTERNAL] Re: CAA processing for ema… Nicolas Lidzborski
Re: [lamps] [EXTERNAL] Re: CAA processing for ema… Nicolas Lidzborski
Re: [lamps] [EXTERNAL] Re: CAA processing for ema… Corey Bonnell
Re: [lamps] CAA processing for email addresses Seo Suchan
Re: [lamps] CAA processing for email addresses Seo Suchan
Re: [lamps] CAA processing for email addresses Corey Bonnell

[lamps] CAA processing for email addresses

Attachment: smime.p7s