Details
- Type: Improvement
- Status: Closed
- Priority: Minor
- Resolution: Fixed
- Affects Version/s: EJBCA 6.9.0.6
- Fix Version/s: EJBCA 6.9.1
- Component/s: None
- Labels:
- Issue discovered during: Customer
- Epic Link:
- Sprint: EJBCA Sprint 1
Description
The CAA RFC specifies that CAA checks should be made all the way up a domain tree, but in reality the chances of a domain having CAA records at the more common TLDs (.com, .org, .co.uk etc.) are rather slim.
A simple solution is to implement a simple semicolon-separated ignore list of TLDs in the CAA validator ("com;org;net;se;co.uk") to allow the CA itself to diverge from the RFC.
Note: this list should be case insensitive, trim spaces and allow entries either with periods (.com) or without (com).
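The ignore-list behaviour described above, as an added example in Python (not EJBCA's own code). The function names are hypothetical, and it assumes that a name on the list is skipped while names above it that are not on the list are still queried.

```python
from __future__ import annotations


def parse_ignore_list(raw: str) -> frozenset[str]:
    """Parse a semicolon-separated ignore list such as "com;org;net;se;co.uk".

    Entries are trimmed, lower-cased and stripped of leading/trailing
    periods, so " .COM " and "com" are the same entry. Empty items
    (from ";;" or a trailing ";") are dropped.
    """
    entries = set()
    for item in raw.split(";"):
        name = item.strip().strip(".").lower()
        if name:
            entries.add(name)
    return frozenset(entries)


def caa_lookup_names(fqdn: str, ignored: frozenset[str]) -> list[str]:
    """Return the names to query for CAA records, from the FQDN upward.

    Each step removes the leftmost label (climbing the domain tree).
    A name on the ignore list is skipped. Assumption: only names that are
    explicitly listed are skipped, so with "co.uk" listed but not "uk",
    "uk" is still queried. That keeps the divergence from the RFC as
    narrow as the configured list.
    """
    labels = fqdn.strip().strip(".").lower().split(".")
    names = []
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in ignored:
            continue
        names.append(candidate)
    return names


if __name__ == "__main__":
    # Constructed sample configuration with mixed case, spaces and periods.
    ignored = parse_ignore_list(" .COM; org ;net;se; Co.Uk.;; ")
    for host in ("www.Example.com.", "shop.example.co.uk", "example.io"):
        print(host, "->", caa_lookup_names(host, ignored))
```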
Issue Links
- relates: ECA-6063 Make Trust Anchor for CAA Validators configurable (Closed)