Why was it decided to use a new record type of CAA instead of using TXT?
Using TXT to convey policies has been something that have been in use for a long time, for example “v=spf1 +mx -all”.
Same with SMTP-STS.
The main problem of introducing new record types is that DNS providers & web hosts need to implement support for these, both in their DNS servers and/or their web interfaces.
Using TXT for this, example: “v=caa1; f=128; t=issue; d=letsencrypt.org;”, gives the same advantages, but also the advantage that any DNS operator supporting TXT, will also support the new policy.
the record type 99 (SPF) was depreciated for this very reason.
You’d need to ask the IETF on that one if you’re looking for a definitive answer. It comes from this RFC: https://tools.ietf.org/html/rfc6844
I don’t have anything worth hazarding as a guess, but I do support the notion of not overloading the same record type with more standards.
It’s worth noting that if a provider follows existing specifications even before CAA, the introduction of CAA shouldn’t break anything. My understanding is that unknown record types should always have returned a NOERROR instead, which is not a failure condition for issuance. Plus, this has been a standard for 4 years now. It’s not like providers didn’t have time to implement this.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.