[ECA-6063] Make Trust Anchor for CAA Validators configurable - PrimeKey Issue Tracker

XML

Word

Printable

Details

Type: New Feature
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: EJBCA 6.9.1
Component/s: None
Labels:
- CAA

Issue discovered during:
Review
Epic Link:
CAA Bugs/Improvements
Sprint:
EJBCA Sprint 1

Description

CAA should always check DNSSec, but there is an off chance that somebody has signed their records with another trust anchor, or that the trust anchor changes (unlikely, but could happen). Make the trust anchor configurable, keeping the current one as the pre-defined default.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

Screen Shot 2017-10-02 at 15.09.27.png
44 kB
2017-10-02 15:12

Issue Links

is related to

ECA-5627 DNS Certification Authority Authorization (CAA) Resource Record

Closed

ECA-6128 Make querying top level domains (TLDs) for CAA lookups optional

Closed

Activity

People

Assignee:: Henrik Sunmark

Reporter:: Samuel Lidén Borell

Verified by:: Mike Agrenius Kushner, Samuel Lidén Borell

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2017-08-18 17:07

Updated:: 2019-05-13 13:11

Resolved:: 2017-10-03 11:06

Time Tracking

Estimated:

Remaining:

Logged:

1d 30m