sesh / ready

Are you production ready?
ISC License

CAA extensions for account URI and method binding #14

Closed Seirdy closed 11 months ago

Seirdy commented 11 months ago

IETF RFC

This allows a CAA record to not only control who is allowed to issue certificates, but also which ACME accounts may receive certificates and which domain validation methods are acceptable. Applicable if DNSSEC works.

Sample CAA record for seirdy.one:

letsencrypt.org; validationmethods=http-01; accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/101166947

ready should check for this.

sesh commented 11 months ago

Implementing warnings for both missing accounturi and validationmethods for CAA records that contain "issue"
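
One way to implement the check discussed in this thread, as an added example (not code from sesh/ready): it parses the value of each CAA `issue`/`issuewild` record and warns when `accounturi` or `validationmethods` is absent. The function names, the `(tag, value)` input shape and the `ca.example` records are assumptions made for illustration.

```python
# Added example: warn on CAA "issue"/"issuewild" records that lack the
# accounturi / validationmethods parameters. Not code from sesh/ready.

def parse_issue_value(value):
    """Split a CAA issue property value into (issuer_domain, params dict)."""
    parts = [p.strip() for p in value.split(";")]
    issuer = parts[0]  # empty string means "no CA may issue"
    params = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        name, sep, val = part.partition("=")
        if not sep:
            raise ValueError(f"malformed CAA parameter: {part!r}")
        # Parameter names are lowercased for comparison (an assumption here).
        params[name.strip().lower()] = val.strip()
    return issuer, params


def caa_binding_warnings(records):
    """records: iterable of (tag, value) pairs from a domain's CAA RRset."""
    warnings = []
    for tag, value in records:
        if tag.lower() not in ("issue", "issuewild"):
            continue  # iodef etc. carry no issuer parameters
        issuer, params = parse_issue_value(value)
        if not issuer:
            continue  # ";" forbids issuance entirely; nothing to bind
        for wanted in ("accounturi", "validationmethods"):
            if not params.get(wanted):
                warnings.append(f"{tag} {issuer}: missing {wanted}")
    return warnings


# Constructed sample input; the first value is the record quoted in the issue.
SAMPLE = [
    ("issue", "letsencrypt.org; validationmethods=http-01; "
              "accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/101166947"),
    ("issue", "ca.example"),   # authorizes a CA but binds nothing
    ("issuewild", ";"),        # wildcard issuance forbidden
    ("iodef", "mailto:security@example.com"),
]

if __name__ == "__main__":
    for w in caa_binding_warnings(SAMPLE):
        print("WARNING:", w)
```
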