DNS Certification Authority Authorization

From Infogalactic: the planetary knowledge core
Jump to: navigation, search

DNS Certification Authority Authorization (CAA) uses the Internet's Domain Name System to specify which certificate authorities may be regarded as authoritative for a domain. This is intended to support additional cross-checking at the client end of TLS connections to attempt to prevent certificates issued by CAs other than the specified CAs from being used to spoof the identity of websites or perform man-in-the-middle attacks on them.

DNS Certification Authority Authorization is specified by RFC 6844, which designated a new "CAA" DNS RR type to carry name-value pairs that can carry a wide range of information to be used as part of the CA authorization process. Use of CAA, where available, to validate certificates is recommended, but not mandatory.[1]

As of 2016, CAA records are supported in the BIND DNS server,[2] the NSD authoritative DNS server (as of version 4.0.1),[3] and the Knot DNS server (since version 2.2.0).[4]

References

  1. Lua error in package.lua at line 80: module 'strict' not found.
  2. Lua error in package.lua at line 80: module 'strict' not found.
  3. Lua error in package.lua at line 80: module 'strict' not found.
  4. Lua error in package.lua at line 80: module 'strict' not found.

See also


<templatestyles src="Asbox/styles.css"></templatestyles>

Stub icon

This Internet-related article is a stub. You can help Wikipedia by expanding it.
Retrieved from "https://infogalactic.com/w/index.php?title=DNS_Certification_Authority_Authorization&oldid=719526523"