  1. EJBCA
  2. ECA-6128

Make querying top level domains (TLDs) for CAA lookups optional

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: EJBCA 6.9.0.6
    • Fix Version/s: EJBCA 6.9.1
    • Component/s: None
    • Labels:

      Description

      The CAA RFC specifies that CAA checks should be made all the way up a domain tree, but in reality the chances of a domain having CAA records on the more common TLDs (.com, .org, .co.uk etc.) are rather slim.

      A simple solution is to implement a simple semicolon-split ignore list of TLDs in the CAA validator ("com;org;net;se;co.uk") to allow the CA itself to diverge from the RFC.

      Note: this list should be case insensitive, trim spaces and allow for entries either with periods (.com) or without (com).
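
The ignore-list behaviour requested above, as an added Python sketch; it is not EJBCA's code. The function names and the exact-match skip rule are assumptions, and only the climb through parent names is modelled.

```python
from __future__ import annotations


def parse_ignore_list(raw: str) -> set[str]:
    """Parse a semicolon-separated TLD ignore list such as 'com; .ORG ;co.uk'.

    Entries are trimmed, lower-cased and stripped of leading/trailing
    periods, so '.com', 'COM' and ' com ' all normalise to 'com'.
    """
    ignored = set()
    for item in raw.split(";"):
        label = item.strip().strip(".").lower()
        if label:  # tolerate empty entries such as 'com;;org'
            ignored.add(label)
    return ignored


def caa_lookup_names(domain: str, ignored: set[str]) -> list[str]:
    """Return the names to query for CAA, from the domain up towards the root.

    Assumption: a name is skipped only when it matches an ignore entry
    exactly. Ignoring 'co.uk' therefore does not ignore 'uk'; list both
    if neither should be queried.
    """
    labels = domain.strip().rstrip(".").lower().split(".")
    names = []
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in ignored:
            continue  # configured divergence from the RFC tree climb
        names.append(candidate)
    return names


if __name__ == "__main__":
    # Constructed sample input, not taken from a real deployment.
    ignore = parse_ignore_list(" .COM; org ;co.uk;; .Se ")
    for name in ("www.Example.com.", "shop.example.co.uk"):
        print(name, "->", caa_lookup_names(name, ignore))
```

An ignored suffix is never queried, so a CAA record published at that level cannot block issuance; the list should stay limited to zones the CA has decided not to honour.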


              People

              Assignee:
              bastianf Bastian Fredriksson
              Reporter:
              mikek Mike Agrenius Kushner
              Verified by:
              Mike Agrenius Kushner
              Votes:
              0
              Watchers:
              4


                  Time Tracking

                  Estimated:
                  2d
                  Remaining:
                  0m
                  Logged:
                  2d 2h