[dns-operations] Browser and CA enforcement of CAA records?

Paul Hoffman phoffman at proper.com
Wed May 24 15:04:36 UTC 2017

On 24 May 2017, at 7:24, Daniel Stirnimann wrote:

> Hi Andrew
> CAA record checks only apply for certificate issuance. Once it is 
> issued
> this record has no effect. web browsers are also not checking CAA
> records. You might want to read:
> https://blog.qualys.com/ssllabs/2017/03/13/caa-mandated-by-cabrowser-forum

I think Andrew's question was not what are browsers supposed to do with 
CAA, but what are they actually doing. I'm interested in that as well.

--Paul HOffman

More information about the dns-operations mailing list