[dns-operations] Browser and CA enforcement of CAA records?
Paul Hoffman
phoffman at proper.com
Wed May 24 15:04:36 UTC 2017
On 24 May 2017, at 7:24, Daniel Stirnimann wrote:
> Hi Andrew
>
> CAA record checks only apply for certificate issuance. Once it is
> issued
> this record has no effect. web browsers are also not checking CAA
> records. You might want to read:
> https://blog.qualys.com/ssllabs/2017/03/13/caa-mandated-by-cabrowser-forum
I think Andrew's question was not what are browsers supposed to do with
CAA, but what are they actually doing. I'm interested in that as well.
--Paul HOffman
More information about the dns-operations
mailing list