Content deleted Content added
←Redirected page to List of DNS record types |
{{internet-stub}} created |
||
| Line 1: | Line 1: | ||
'''DNS Certification Authority Authorization''' uses the [[Internet]]'s [[Domain Name System]] to specify which [[Certificate Authority|Certificate Authorities]] may be regarded as authoritative for a domain. This is intended to prevent certificates issued by CAs other than the specified CAs from being used to spoof the identity of websites or perform [[man-in-the-middle attack]]s on them. |
|||
#REDIRECT [[List of DNS record types]] |
|||
DNS Certification Authority Authorization is specified by RFC 6844, which designates a "CAA" DNS RR type to carry name-value pairs that can carry a wide range of information to be used as part of the CA authorization process. Use of CAA, where available, to validate certificates is recommended, but not mandatory. |
|||
{{internet-stub}} |
|||
Revision as of 08:46, 7 May 2015
DNS Certification Authority Authorization uses the Internet's Domain Name System to specify which Certificate Authorities may be regarded as authoritative for a domain. This is intended to prevent certificates issued by CAs other than the specified CAs from being used to spoof the identity of websites or perform man-in-the-middle attacks on them.
DNS Certification Authority Authorization is specified by RFC 6844, which designates a "CAA" DNS RR type to carry name-value pairs that can carry a wide range of information to be used as part of the CA authorization process. Use of CAA, where available, to validate certificates is recommended, but not mandatory.