{"draft":"draft-ietf-acme-caa-10","doc_id":"RFC8657","title":"Certification Authority Authorization (CAA) Record Extensions for Account URI and Automatic Certificate Management Environment (ACME) Method Binding","authors":["H. Landau"],"format":["HTML","TEXT","PDF","XML"],"page_count":"11","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Automated Certificate Management Environment","abstract":"The Certification Authority Authorization (CAA) DNS record allows a\r\ndomain to communicate an issuance policy to Certification Authorities\r\n(CAs) but only allows a domain to define a policy with CA-level\r\ngranularity. However, the CAA specification (RFC 8659) also provides\r\nfacilities for an extension to admit a more granular, CA-specific\r\npolicy. This specification defines two such parameters: one allowing\r\nspecific accounts of a CA to be identified by URIs and one allowing\r\nspecific methods of domain control validation as defined by the\r\nAutomatic Certificate Management Environment (ACME) protocol to be\r\nrequired.","pub_date":"November 2019","keywords":[],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC8657","errata_url":null}