I think all you're looking for is the existing accounturi CAA parameter. If that doesn't match, then the CA wouldn't need to actually perform the request. I don't know if that actually lowers the burden on the CA in general, though, since they need to check the whole tree for CAA records, as opposed to just a single HTTP request for a AAAA or A record. Last I heard, Let's Encrypt checked CAA at the end of the process, rather than the beginning, since that was more efficient and simpler for them.
5 Likes