{"draft":"draft-ietf-lamps-caa-issuemail-07","doc_id":"RFC9495","title":"Certification Authority Authorization (CAA) Processing for Email Addresses","authors":["C. Bonnell"],"format":["HTML","TEXT","PDF","XML"],"page_count":"8","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Limited Additional Mechanisms for PKIX and SMIME","abstract":"The Certification Authority Authorization (CAA) DNS resource record\r\n(RR) provides a mechanism for domains to express the allowed set of\r\nCertification Authorities that are authorized to issue certificates\r\nfor the domain.  RFC 8659 contains the core CAA specification, where\r\nProperty Tags that restrict the issuance of certificates that certify\r\ndomain names are defined.  This specification defines a Property Tag\r\nthat grants authorization to Certification Authorities to issue\r\ncertificates that contain the id-kp-emailProtection key purpose in\r\nthe extendedKeyUsage extension and at least one rfc822Name value or\r\notherName value of type id-on-SmtpUTF8Mailbox that includes the\r\ndomain name in the subjectAltName extension.","pub_date":"October 2023","keywords":["caa","certification authority authorization","email address"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC9495","errata_url":null}