Priority on RFC8657 ACME CAA Restrictions?

biggoose · October 15, 2021, 7:04pm

Hi All,

In one of the Issuance Policy Threads earlier this summer, it was discussed that there are no longer any CAB Forum or RFC ambiguity issues holding up the implementation of the validationmethods or accounturi CAA Constraints outlined in RFC8657 for the L.E. Production environment.

I know that you have this running in the Staging environment already. After things calm down from the root cert expiration, where do you see this falling in the priority hierarchy? Having that extra security around limiting the accounturi and validationmethods allowed to be used in the certificate request and issuance processes for our domains would be reassuring. Any rough target dates yet?

JamesLE · October 16, 2021, 2:38am

I'm afraid that thread is still our most recent update, but we're eager to enable this feature; we definitely haven't forgotten.

system · November 15, 2021, 2:38am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
RFC 8657 CAA extension in production Issuance Policy	2	1670	July 25, 2021
PROD Support for RFC8657 CAA constraints for accountURI and validationmethods Feature Requests	23	2201	August 22, 2022
Re: Enabling ACME CAA Account and Method Binding Praise	26	2194	January 17, 2023
Enabling ACME CAA Account and Method Binding API Announcements	2	13179	December 16, 2022
Issue certificates only to specific agent keys Feature Requests	9	855	October 14, 2022

Priority on RFC8657 ACME CAA Restrictions?

Related Topics