
autogenerate-API does not respect intermediate-specific CAA identifiers

Open brauckmann opened this issue 8 years ago • 1 comments

The autogenerate-feature currently does not respect intermediate-specific CAA identifiers. See also issue #39. It produces CAA RRs which are unusable for the users of intermediate CAs with specific CAA identifiers.

Test case: domain www.dfn.de currently auto-generates a CAA RR

www.dfn.de. CAA 0 issue "telesec.de"

It should generate:

www.dfn.de. CAA 0 issue "pki.dfn.de"

As this is done via the API https://sslmate.com/caa/api/autogenerate/ which does not seem to be part of any public repository, it's not possible to help with a patch.

brauckmann, Oct 05 '17 13:10

This is a known problem. Unfortunately, it won't be easy to fix until Mozilla starts collecting per-intermediate CAA information.

AGWA, Oct 17 '17 21:10
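
Added example, not part of the original issue or of the caa_helper code: a small check, following the RFC 8659 `issue`/`issuewild` rules, of whether a CA may issue under a given CAA RRset. It shows why the auto-generated record from the test case is unusable. The function names are hypothetical, and the assumption that the intermediate CA recognises only `pki.dfn.de` is taken from the record the issue says should be generated.

```python
import re

# Presentation-format CAA RR: owner, optional TTL and class, "CAA", flags, tag, quoted value.
CAA_RE = re.compile(
    r'^(?P<owner>\S+)\s+(?:\d+\s+)?(?:IN\s+)?CAA\s+(?P<flags>\d+)\s+'
    r'(?P<tag>[A-Za-z0-9]+)\s+"(?P<value>[^"]*)"\s*$'
)
KNOWN_TAGS = ("issue", "issuewild", "iodef")

def parse_caa(line):
    """Parse one CAA RR line into (flags, tag, issuer_domain)."""
    m = CAA_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a CAA record: {line!r}")
    # The value is "<issuer-domain-name>[; parameters]"; only the domain is compared.
    issuer = m["value"].split(";", 1)[0].strip().lower().rstrip(".")
    return int(m["flags"]), m["tag"].lower(), issuer

def issuance_permitted(rrset, ca_identifiers, wildcard=False):
    """True if a CA recognising ca_identifiers may issue under this relevant RRset."""
    records = [parse_caa(line) for line in rrset]
    # A critical (flag bit 128) property with an unknown tag forbids issuance.
    if any(flags & 128 and tag not in KNOWN_TAGS for flags, tag, _ in records):
        return False
    issue = [i for _, t, i in records if t == "issue"]
    issuewild = [i for _, t, i in records if t == "issuewild"]
    # Wildcard requests use issuewild when present, otherwise fall back to issue.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True  # no applicable property: issuance is unrestricted
    ids = {i.lower().rstrip(".") for i in ca_identifiers}
    # An empty issuer (value ";") never matches, so it denies every CA.
    return any(i in ids for i in relevant)

# Records quoted in the issue's test case.
GENERATED = ['www.dfn.de. CAA 0 issue "telesec.de"']
EXPECTED = ['www.dfn.de. CAA 0 issue "pki.dfn.de"']
# Assumption: the intermediate CA honours only its own identifier.
INTERMEDIATE_IDS = {"pki.dfn.de"}

if __name__ == "__main__":
    for name, rrset in (("generated", GENERATED), ("expected", EXPECTED)):
        ok = issuance_permitted(rrset, INTERMEDIATE_IDS)
        print(f"{name}: issuance {'permitted' if ok else 'blocked'}")
```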