Re: [lamps] CAA tags

Stephen Farrell <> Tue, 19 December 2017 12:13 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4D4B012426E for <>; Tue, 19 Dec 2017 04:13:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id RDbsYat1XVWI for <>; Tue, 19 Dec 2017 04:13:34 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 91A8F12422F for <>; Tue, 19 Dec 2017 04:13:34 -0800 (PST)
Received: from localhost (localhost []) by (Postfix) with ESMTP id 55757BE2F; Tue, 19 Dec 2017 12:13:32 +0000 (GMT)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id IOfabxGveZ28; Tue, 19 Dec 2017 12:13:32 +0000 (GMT)
Received: from [] ( []) by (Postfix) with ESMTPSA id 07DB8BE77; Tue, 19 Dec 2017 12:13:23 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; s=mail; t=1513685604; bh=U7xiuzckn47l5uGLk0O+PiF8/VzQ+AdwsMT9pyKhD8k=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=GObFit53gEpxo6P+ffm+wsBvBDWcHouTGfnUuczmj/GWHQ4YaMt58nlPNI93iE4NK Z0L3ryk7sMVDCKWMDtlpB/9OOXYdtucYuyXV4D/7UxRl4LaRMWYcesokv+9nmXSFtx uSVoE1iOhZvmgz/W6U+eRimJMgDH5cMx9gHYWf+w=
To: Tim Hollebeek <>
Cc: "" <>
References: <> <> <> <> <>
From: Stephen Farrell <>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <>
Date: Tue, 19 Dec 2017 12:13:22 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="BtEoc1ebOBDuBTbGnJIEnUmDffT646xdS"
Archived-At: <>
Subject: Re: [lamps] CAA tags
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 19 Dec 2017 12:13:36 -0000


I've not been following this closely but since you

On 18/12/17 20:45, Tim Hollebeek wrote:
> Pre-spec for discussion.  It’s current status is “I sat down for an
> hour, reviewed meeting minutes and read some stuff, and circulated
> some notes”.
I guess it may be ok to throw in a requirement to
keep an aspect of the status quo:

I'd like to ensure it remains possible for a whole
bunch of DNS domains to use the same CAA RR value
and for that to continue to make sense. I've no
problem if optional things can be added that are
domain-specific so long as I don't have to create
custom CAA values for every domain.

My reason for wanting that is that I deal with
sets of domains who can all currently sensibly use
the same CAA value and that's easy to handle. If
I had to go changing the value for each, esp if
that had to be re-done regularly, or even worse,
sporadically, that'd be a PITA.

Apologies for the interruption if this is already
taken as a given, but I wasn't sure based on the
recent mails about phone numbers etc.