View Issue Details

IDProjectCategoryView StatusLast Update
0001432Main CAcert Websitesource codepublic2018-11-01 12:12
ReporterGuKKDevelAssigned ToGuKKDevel 
PrioritynormalSeverityfeatureReproducibilityhave not tried
Status needs feedbackResolutionopen 
Product Version 
Target VersionFixed in Version 
Summary0001432: since september, 8th, 2017 CAs must check DNS' CAA records
DescriptionDear Board,

since september, 8th, 2017 CAs must check DNS' CAA records. This decision was taken in spring 2017 by CA/Browser forum which CAcert is member of.

I can't see that this is already implemented in CAcert's signing software, therefore I would like to ask you to take care of.

.....
BR, Alex.
Additional Informationhttps://blog.qualys.com/ssllabs/2017/03/13/caa-mandated-by-cabrowser-forum

German:
https://www.golem.de/news/tls-zertifikate-zertifizierungsstellen-muessen-caa-records-pruefen-1709-129981.html
Tagsbrowser, certificates, domain, server certificates
Reviewed by
Test Instructions

Activities

GuKKDevel

2018-03-19 13:42

updater   ~0005579

Solution wont work on WINDOWS Server as
Parameter DNS_CAA is not defined at any Windows Server (date 2018-03-18) needed for PHP-function 'dns_get_record'
 * https://bugs.php.net/bug.php?id=75909

GuKKDevel

2018-04-05 14:01

updater   ~0005580

Mail from Benedict to Etienne:
<snip>
CAcert cannot be recorded as a full CA at the CABF, since it is not
according to WebTrust or ETSI 319 411. The CABF activities therefore only
affect CAcert if they will voluntarily submit to it. Working at CABF is
currently neither useful nor advisable due to the number of resources
available in CAcert.
<snip>

GuKKDevel

2018-11-01 12:12

updater   ~0005633

mail-correspondence:
https://lists.cacert.org/wws/arc/cacert-policy/2018-03/msg00000.html
https://lists.cacert.org/wws/arc/cacert-policy/2018-03/msg00001.html
https://lists.cacert.org/wws/arc/cacert-policy/2018-03/msg00002.html

Issue History

Date Modified Username Field Change
2018-03-11 11:19 GuKKDevel New Issue
2018-03-11 11:19 GuKKDevel Tag Attached: organisation assurance
2018-03-11 11:20 GuKKDevel Tag Attached: server certificates
2018-03-11 11:21 GuKKDevel Tag Attached: certificates
2018-03-11 11:21 GuKKDevel Tag Attached: browser
2018-03-11 11:21 GuKKDevel Tag Attached: domain
2018-03-11 11:21 GuKKDevel Tag Attached: html
2018-03-11 11:25 GuKKDevel View Status private => public
2018-03-19 13:39 GuKKDevel Tag Detached: organisation assurance
2018-03-19 13:39 GuKKDevel Tag Detached: html
2018-03-19 13:39 GuKKDevel Assigned To => GuKKDevel
2018-03-19 13:42 GuKKDevel Note Added: 0005579
2018-04-05 14:01 GuKKDevel Note Added: 0005580
2018-04-05 14:02 GuKKDevel Status new => needs feedback
2018-11-01 12:12 GuKKDevel Note Added: 0005633