draft-ietf-lamps-rfc6844bis-05.txt   draft-ietf-lamps-rfc6844bis-06.txt 
Network Working Group P. Hallam-Baker Network Working Group P. Hallam-Baker
Internet-Draft Internet-Draft
Obsoletes: 6844 (if approved) R. Stradling Obsoletes: 6844 (if approved) R. Stradling
Intended status: Standards Track Sectigo Intended status: Standards Track Sectigo
Expires: August 8, 2019 J. Hoffman-Andrews Expires: November 10, 2019 J. Hoffman-Andrews
Let's Encrypt Let's Encrypt
February 04, 2019 May 09, 2019
DNS Certification Authority Authorization (CAA) Resource Record DNS Certification Authority Authorization (CAA) Resource Record
draft-ietf-lamps-rfc6844bis-05 draft-ietf-lamps-rfc6844bis-06
Abstract Abstract
The Certification Authority Authorization (CAA) DNS Resource Record The Certification Authority Authorization (CAA) DNS Resource Record
allows a DNS domain name holder to specify one or more Certification allows a DNS domain name holder to specify one or more Certification
Authorities (CAs) authorized to issue certificates for that domain Authorities (CAs) authorized to issue certificates for that domain
name. CAA Resource Records allow a public Certification Authority to name. CAA Resource Records allow a public Certification Authority to
implement additional controls to reduce the risk of unintended implement additional controls to reduce the risk of unintended
certificate mis-issue. This document defines the syntax of the CAA certificate mis-issue. This document defines the syntax of the CAA
record and rules for processing CAA records by certificate issuers. record and rules for processing CAA records by certificate issuers.
skipping to change at page 1, line 41 skipping to change at page 1, line 41
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 8, 2019. This Internet-Draft will expire on November 10, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 46 skipping to change at page 3, line 46
indicator of a security policy violation. Such use SHOULD take indicator of a security policy violation. Such use SHOULD take
account of the possibility that published CAA records changed between account of the possibility that published CAA records changed between
the time a certificate was issued and the time at which the the time a certificate was issued and the time at which the
certificate was observed by the Certificate Evaluator. certificate was observed by the Certificate Evaluator.
2. Definitions 2. Definitions
2.1. Requirements Language 2.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
document are to be interpreted as described in [RFC8174]. "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
2.2. Defined Terms 2.2. Defined Terms
The following terms are used in this document: The following terms are used in this document:
Certificate: An X.509 Certificate, as specified in [RFC5280]. Certificate: An X.509 Certificate, as specified in [RFC5280].
Certificate Evaluator: A party other than a Relying Party that Certificate Evaluator: A party other than a Relying Party that
evaluates the trustworthiness of certificates issued by Certification evaluates the trustworthiness of certificates issued by Certification
Authorities. Authorities.
skipping to change at page 16, line 25 skipping to change at page 16, line 25
10.1. Normative References 10.1. Normative References
[RFC1034] Mockapetris, P., "Domain names - concepts and facilities", [RFC1034] Mockapetris, P., "Domain names - concepts and facilities",
STD 13, RFC 1034, DOI 10.17487/RFC1034, November 1987, STD 13, RFC 1034, DOI 10.17487/RFC1034, November 1987,
<https://www.rfc-editor.org/info/rfc1034>. <https://www.rfc-editor.org/info/rfc1034>.
[RFC1035] Mockapetris, P., "Domain names - implementation and [RFC1035] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, specification", STD 13, RFC 1035, DOI 10.17487/RFC1035,
November 1987, <https://www.rfc-editor.org/info/rfc1035>. November 1987, <https://www.rfc-editor.org/info/rfc1035>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC2181] Elz, R. and R. Bush, "Clarifications to the DNS [RFC2181] Elz, R. and R. Bush, "Clarifications to the DNS
Specification", RFC 2181, DOI 10.17487/RFC2181, July 1997, Specification", RFC 2181, DOI 10.17487/RFC2181, July 1997,
<https://www.rfc-editor.org/info/rfc2181>. <https://www.rfc-editor.org/info/rfc2181>.
[RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S.
Rose, "DNS Security Introduction and Requirements", Rose, "DNS Security Introduction and Requirements",
RFC 4033, DOI 10.17487/RFC4033, March 2005, RFC 4033, DOI 10.17487/RFC4033, March 2005,
<https://www.rfc-editor.org/info/rfc4033>. <https://www.rfc-editor.org/info/rfc4033>.
[RFC4034] Arends, R., Austein, R., Larson, M., Massey, D., and S. [RFC4034] Arends, R., Austein, R., Larson, M., Massey, D., and S.
 End of changes. 6 change blocks. 
6 lines changed or deleted 13 lines changed or added
