EJBCA / ECA-6128

Make querying top level domains (TLDs) for CAA lookups optional

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: EJBCA 6.9.0.6
    • Fix Version/s: EJBCA 6.9.1
    • Component/s: None

      Description

      The CAA RFC specifies that CAA checks should be made all the way up a domain tree, but in reality the chances of a domain having CAA records on the more common TLDs (.com, .org, .co.uk etc.) are rather slim.

      A simple solution is to implement a simple semicolon-split ignore list of TLDs in the CAA validator ("com;org;net;se;co.uk") to allow the CA itself to diverge from the RFC.

      Note: this list should be case insensitive, trim spaces and allow for entries either with periods (.com) or without (com).
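
      An added sketch of the ignore list described above, applied while walking up the domain tree; it is not EJBCA's code and goes slightly beyond the ticket by showing which names would still be queried. The class and method names are hypothetical, and matching an ignore entry by exact name is an assumption.

```java
import java.util.*;

// Added illustration; class and method names are hypothetical, not EJBCA's.
public class CaaIgnoreListExample {

    // Parse "com; .ORG ;co.uk" into normalized entries: lower case, trimmed,
    // no leading or trailing period, empty items dropped.
    static Set<String> parseIgnoreList(String raw) {
        Set<String> ignored = new LinkedHashSet<>();
        if (raw == null) return ignored;
        for (String item : raw.split(";")) {
            String name = normalize(item);
            if (!name.isEmpty()) {
                ignored.add(name);
            }
        }
        return ignored;
    }

    static String normalize(String name) {
        String s = name.trim().toLowerCase(Locale.ROOT);
        while (s.startsWith(".")) s = s.substring(1);
        while (s.endsWith(".")) s = s.substring(0, s.length() - 1);
        return s;
    }

    // Names to query for CAA, from the requested name up the tree, leaving
    // out any name that exactly matches an ignore-list entry (assumption).
    static List<String> namesToQuery(String fqdn, Set<String> ignored) {
        List<String> names = new ArrayList<>();
        String current = normalize(fqdn);
        while (!current.isEmpty()) {
            if (!ignored.contains(current)) {
                names.add(current);
            }
            int dot = current.indexOf('.');
            current = dot < 0 ? "" : current.substring(dot + 1);
        }
        return names;
    }

    public static void main(String[] args) {
        // Constructed sample input mixing case, spaces, periods and empty items.
        Set<String> ignored = parseIgnoreList(" com; .ORG ;net;se; Co.Uk.;; ");
        System.out.println(ignored);
        System.out.println(namesToQuery("www.example.com", ignored));
        System.out.println(namesToQuery("shop.example.co.uk", ignored));
    }
}
```

      With the exact-match rule used in this sketch, listing co.uk leaves uk itself still queried unless it is listed as well.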

              People

              • Assignee:
                bastianf Bastian Fredriksson
                Reporter:
                mikek Mike Agrenius Kushner
                Verified by:
                Mike Agrenius Kushner

                  Time Tracking

                  Estimated: 2d
                  Remaining: 0m
                  Logged: 2d 2h