DNS Certification Authority Authorization
DNS Certification Authority Authorization (CAA) is an Internet security policy mechanism that allows domain name holders to indicate to certificate authorities whether they are authorized to issue digital certificates for a particular domain name. It does this by means of a new "CAA" Domain Name System (DNS) resource record. It was drafted by computer scientists Phillip Hallam-Baker and Rob Stradling in response to increasing concerns about the security of publicly trusted certificate authorities. It is an Internet Engineering Task Force (IETF) proposed standard.


Background

A series of incorrectly issued certificates from 2001 onwards damaged trust in publicly trusted certificate authorities, and accelerated work on various security mechanisms, including Certificate Transparency to track mis-issuance, HTTP Public Key Pinning and DANE to block mis-issued certificates on the client side, and CAA to block mis-issuance on the certificate authority side. The first draft of CAA was written by Phillip Hallam-Baker and Rob Stradling, and submitted as an IETF Internet Draft in October 2010. This was progressively improved by the PKIX Working Group, and approved by the IESG as a Proposed Standard in January 2013. CA/Browser Forum discussion began shortly afterward, and in March 2017 the Forum voted in favor of making CAA implementation mandatory for all certificate authorities by September 2017. At least one certificate authority, Comodo, failed to implement CAA before the deadline. A 2017 study by the Technical University of Munich found many instances where certificate authorities failed to correctly implement some part of the standard. In September 2017, Jacob Hoffman-Andrews submitted an Internet Draft intended to simplify the CAA standard. This was improved by the LAMPS Working Group, and approved as a Proposed Standard in November 2019. Qualys reports that still only 6.8% of the 150,000 most popular TLS-supporting websites use CAA records.


Record

Certificate authorities implementing CAA perform a DNS lookup for CAA resource records, and if any are found, ensure that they are listed as an authorized party before issuing a digital certificate. Each CAA resource record consists of the following components:

* flag: A flags byte which implements an extensible signaling system for future use. Only the ''issuer critical'' flag has been defined, which instructs certificate authorities that they must understand the corresponding property tag before issuing a certificate. This flag allows the protocol to be extended in the future with mandatory extensions, similar to critical extensions in X.509 certificates.
* tag: One of the following properties:
** issue: This property authorizes the holder of the domain specified in the associated property value to issue certificates for the domain for which the property is published.
** issuewild: This property acts like ''issue'' but only authorizes the issuance of wildcard certificates, and takes precedence over the ''issue'' property for wildcard certificate requests.
** iodef: This property specifies a method for certificate authorities to report invalid certificate requests to the domain name holder using the Incident Object Description Exchange Format. Not all certificate authorities support this tag, so there is no guarantee that all certificate issuances will be reported.
** contactemail: Increasingly, contact information is not available in WHOIS due to concerns about potential GDPR violations. This property allows domain holders to publish contact information in DNS.
** contactphone: As above, for phone numbers.
* value: The value associated with the chosen property tag.

The lack of any CAA records authorizes normal unrestricted issuance, and the presence of a single blank ''issue'' tag disallows all issuance. Third parties monitoring certificate authority behavior might check newly issued certificates against the domain's CAA records. The standard states: "CAA records MAY be used by Certificate Evaluators as a possible indicator of a security policy violation. Such use SHOULD take into account the possibility that published CAA records changed between the time a certificate was issued and the time at which the certificate was observed by the Certificate Evaluator."


Extensions

The first extension to the CAA standard specifies ''accounturi'' and ''validationmethods'' parameters, which allow domain holders to specify the desired methods of domain control validation as defined in the ACME protocol. For example, a website administrator can bind a domain they control to a particular account registered with their chosen certificate authority.


History

A draft of the first extension to the CAA standard was published on October 26, 2016, proposing a new ''account-uri'' parameter appended to the ''issue'' property value, which ties a domain to a specific Automated Certificate Management Environment (ACME) account. This was amended on August 30, 2017, to also include a new ''validation-methods'' parameter, which ties a domain to a specific validation method, and then further amended on June 21, 2018, to remove the hyphen in ''account-uri'' and ''validation-methods'', making them instead ''accounturi'' and ''validationmethods''.


Examples

To indicate that only the certificate authority identified by ''ca.example.net'' is authorized to issue certificates for example.com and all subdomains, one may use this CAA record:
example.com.  IN  CAA 0 issue "ca.example.net"
To disallow any certificate issuance, one may allow issuance only to an empty issuer list:
example.com.  IN  CAA 0 issue ";"
To indicate that certificate authorities should report invalid certificate requests to an email address and a Real-time Inter-network Defense endpoint:
example.com.  IN  CAA 0 iodef "mailto:security@example.com"
example.com.  IN  CAA 0 iodef "http://iodef.example.com/"
To use a future extension of the protocol, for example one which defines a new ''future'' property that needs to be understood by the certificate authority before it can safely proceed, one may set the ''issuer critical'' flag:
example.com.  IN  CAA 0 issue "ca.example.net"
example.com.  IN  CAA 128 future "value"
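The record semantics described in the Record and Extensions sections, and the zone-file examples above, can be exercised with the following Python script. It is an added example, not code from the article, from the standard, or from any certificate authority: it parses CAA records written in the presentation format used above, climbs the DNS tree to find the relevant record set as RFC 8659 requires, and decides whether a given CA identifier may issue, honouring ''issuewild'', the ''issuer critical'' flag, and the ''accounturi'' and ''validationmethods'' parameters. The zone contents, the owner names (''example.com.'', ''locked.example.org.'', ''strict.example.org.'', ''acme.example.org.''), the CA identifiers and the account URI are all constructed for this example; a real implementation would query DNS (with DNSSEC validation where available) instead of the in-memory ZONE dictionary.

```python
"""Added example: evaluate CAA issuance policy the way a CA (or a third-party
certificate monitor) would, over a constructed zone instead of live DNS."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed zone data: owner name -> CAA records in zone-file presentation
# format. Names, CA identifiers and the account URI are invented for this example.
ZONE = {
    "example.com.": [
        'example.com. IN CAA 0 issue "ca.example.net"',
        'example.com. IN CAA 0 issuewild "wild.example.net"',
        'example.com. IN CAA 0 iodef "mailto:security@example.com"',
    ],
    "locked.example.org.": ['locked.example.org. IN CAA 0 issue ";"'],
    "strict.example.org.": [
        'strict.example.org. IN CAA 0 issue "ca.example.net"',
        'strict.example.org. IN CAA 128 future "value"',
    ],
    "acme.example.org.": [
        'acme.example.org. IN CAA 0 issue "ca.example.net; '
        'accounturi=https://acme.example.net/acct/123; validationmethods=dns-01"',
    ],
}

KNOWN_TAGS = {"issue", "issuewild", "iodef", "contactemail", "contactphone"}
ISSUER_CRITICAL = 0x80  # the only bit of the flags byte defined so far

# owner [ttl] [IN] CAA <flags> <tag> "<value>"
CAA_LINE = re.compile(
    r'^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?CAA\s+(\d+)\s+([A-Za-z0-9]+)\s+"([^"]*)"$')


@dataclass(frozen=True)
class CAARecord:
    flags: int
    tag: str
    value: str

    @property
    def critical(self) -> bool:
        return bool(self.flags & ISSUER_CRITICAL)


def parse_caa(line: str) -> CAARecord:
    """Parse one zone-file style CAA record into its flags, tag and value."""
    m = CAA_LINE.match(line.strip())
    if not m:
        raise ValueError(f"not a CAA record: {line!r}")
    return CAARecord(int(m.group(2)), m.group(3).lower(), m.group(4))


def relevant_rrset(name: str, zone: dict) -> list:
    """Climb from the requested name towards the root and return the first
    CAA record set found (the relevant RRset of RFC 8659); empty if none."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        owner = ".".join(labels[i:]) + "."
        if owner in zone:
            return [parse_caa(r) for r in zone[owner]]
    return []


def parse_issuer(value: str):
    """Split an issue/issuewild value into (issuer domain, parameters).
    A value of ';' yields an empty issuer domain, i.e. nobody may issue."""
    parts = [p.strip() for p in value.split(";")]
    params = {}
    for p in parts[1:]:
        key, _, val = p.partition("=")
        if key.strip():
            params[key.strip().lower()] = val.strip()
    return parts[0].lower(), params


def may_issue(name: str, ca_domain: str, zone: dict, wildcard: bool = False,
              account_uri: Optional[str] = None,
              validation_method: Optional[str] = None) -> bool:
    """Return True if the CA identified by ca_domain may issue for name."""
    rrset = relevant_rrset(name, zone)
    if not rrset:
        return True  # no CAA records at all: issuance is unrestricted
    # An issuer-critical record with a tag we do not understand stops issuance.
    if any(r.critical and r.tag not in KNOWN_TAGS for r in rrset):
        return False
    # issuewild takes precedence for wildcard requests when it is present.
    tag = "issuewild" if wildcard and any(r.tag == "issuewild" for r in rrset) else "issue"
    issuers = [r for r in rrset if r.tag == tag]
    if not issuers:
        return True  # only iodef/contact records: no issuance restriction
    for r in issuers:
        domain, params = parse_issuer(r.value)
        if domain != ca_domain.lower():
            continue
        if "accounturi" in params and params["accounturi"] != account_uri:
            continue
        allowed = [m.strip() for m in params.get("validationmethods", "").split(",")]
        if "validationmethods" in params and validation_method not in allowed:
            continue
        return True
    return False


if __name__ == "__main__":
    print(may_issue("www.example.com.", "ca.example.net", ZONE))      # True
    print(may_issue("*.example.com.", "ca.example.net", ZONE, True))  # False
    print(may_issue("locked.example.org.", "ca.example.net", ZONE))   # False
```

A certificate monitor can reuse `may_issue` with the issuer identifier taken from a newly observed certificate; as the quoted text in the Record section notes, a mismatch is only an indicator, because the zone's CAA records may have changed between issuance and observation.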


Known compliance incidents

In 2017, Camerfirma was found to improperly validate CAA records. Camerfirma claimed to have misunderstood the CA/Browser Forum Baseline Requirements describing CAA validation. In early 2020, Let's Encrypt disclosed that their software improperly queried and validated CAA records, potentially affecting over 3 million certificates. Let's Encrypt worked with customers and site operators to replace over 1.7 million certificates, but decided not to revoke the rest to avoid client downtime and because the affected certificates would all expire in less than 90 days.


See also

* Certificate authority compromise
* Certificate Transparency
* DNS-based Authentication of Named Entities
* HTTP Public Key Pinning
* List of DNS record types


External links

* List of CA identifiers for use in CAA records at Common CA Database