< draft-ietf-acme-caa-09.txt   draft-ietf-acme-caa-10.txt >
ACME Working Group H. Landau ACME Working Group H. Landau
Internet-Draft June 16, 2019 Internet-Draft June 20, 2019
Intended status: Standards Track Intended status: Standards Track
Expires: December 18, 2019 Expires: December 22, 2019
CAA Record Extensions for Account URI and ACME Method Binding CAA Record Extensions for Account URI and ACME Method Binding
draft-ietf-acme-caa-09 draft-ietf-acme-caa-10
Abstract Abstract
The Certification Authority Authorization (CAA) DNS record allows a The Certification Authority Authorization (CAA) DNS record allows a
domain to communicate issuance policy to Certification Authorities domain to communicate issuance policy to Certification Authorities
(CAs), but only allows a domain to define policy with CA-level (CAs), but only allows a domain to define policy with CA-level
granularity. However, the CAA specification also provides facilities granularity. However, the CAA specification also provides facilities
for extension to admit more granular, CA-specific policy. This for extension to admit more granular, CA-specific policy. This
specification defines two such parameters, one allowing specific specification defines two such parameters, one allowing specific
accounts of a CA to be identified by URI and one allowing specific accounts of a CA to be identified by URI and one allowing specific
skipping to change at page 1, line 38 skipping to change at page 1, line 38
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 18, 2019. This Internet-Draft will expire on December 22, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 4, line 9 skipping to change at page 4, line 9
The "accounturi" specification provides a general mechanism to The "accounturi" specification provides a general mechanism to
identify entities which may request certificate issuance via URIs. identify entities which may request certificate issuance via URIs.
The use of specific kinds of URI may be specified in future RFCs, and The use of specific kinds of URI may be specified in future RFCs, and
CAs not implementing ACME MAY assign and recognise their own URIs CAs not implementing ACME MAY assign and recognise their own URIs
arbitrarily. arbitrarily.
4. Extensions to the CAA Record: validationmethods Parameter 4. Extensions to the CAA Record: validationmethods Parameter
A CAA parameter "validationmethods" is also defined for the "issue" A CAA parameter "validationmethods" is also defined for the "issue"
and "issuewild" properties. The value of this parameter, if and "issuewild" properties. The value of this parameter, if
specified, MUST be a comma-separated string of validation method specified, MUST be a comma-separated string of zero or more
labels. validation method labels.
A validation method label identifies a validation method. A A validation method label identifies a validation method. A
validation method is a particular way in which a CA can validate validation method is a particular way in which a CA can validate
control over a domain. control over a domain.
The presence of this parameter constrains the property to which it is The presence of this parameter constrains the property to which it is
attached. A CA MUST only consider a property with the attached. A CA MUST only consider a property with the
"validationmethods" parameter to authorize issuance where the "validationmethods" parameter to authorize issuance where the
validation method being used is identified by one of the validation validation method being used is identified by one of the validation
method labels listed in the comma-separated list. method labels listed in the comma-separated list.
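Review bot: Allowing "zero or more" labels in the first paragraph of Section 4 creates an empty-list case whose meaning the text never states. Read against the unchanged last paragraph ("authorize issuance where the validation method being used is identified by one of the validation method labels listed"), an empty value matches no method, so such a property authorizes issuance by no validation method at all. That differs from the parameter being absent, where this constraint does not apply. Suggest adding one sentence that says so explicitly, so that a CA implementation does not treat an empty "validationmethods" value as if the parameter were missing and accept any method.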
 End of changes. 5 change blocks. 
6 lines changed or deleted 6 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/