Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-5627

DNS Certification Authority Authorization (CAA) Resource Record

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.9.0
    • Component/s: None
    • Labels:
    • Sprint:
      6.9.0 Sprint 3

      Description

      As defined by IETF https://datatracker.ietf.org/doc/rfc6844/
      See also: https://tools.ietf.org/id/draft-hallambaker-donotissue-02.html
      CaBForum baseline: https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.4.5.pdf (section 3.2.2.8)

      This will require an outgoing connection to unknown and potentially malicious systems, so we need to take security into account.

      Standard Java does not support other lookups than standard DNS->IP queries (record types A and AAAA). But there is a pure Java library for doing DNS lookups, that we could use: http://www.dnsjava.org/

      Implement this as a freestanding tool and CLI command to begin with.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              mikek Mike Agrenius Kushner
              Reporter:
              mikek Mike Agrenius Kushner
              Verified by:
              Henrik Sunmark, Samuel Lidén Borell
              Votes:
              1 Vote for this issue
              Watchers:
              9 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: