Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-6045

Implement CAA Validator in EJBCA

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.9.0
    • Component/s: None
    • Labels:
    • Sprint:
      6.9.0 Sprint 3

      Description

      As defined by IETF https://datatracker.ietf.org/doc/rfc6844/
      See also: https://tools.ietf.org/id/draft-hallambaker-donotissue-02.html
      CaBForum baseline: https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.4.5.pdf (section 3.2.2.8)

      This will require an outgoing connection to unknown and potentially malicious systems, so we need to take security into account.

      Standard Java does not support other lookups than standard DNS->IP queries (record types A and AAAA). But there is a pure Java library for doing DNS lookups, that we could use: http://www.dnsjava.org/

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              mikek Mike Agrenius Kushner
              Reporter:
              mikek Mike Agrenius Kushner
              Verified by:
              Samuel Lidén Borell, Tomas Gustavsson
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: