View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001432 | Main CAcert Website | source code | public | 2018-03-11 11:19 | 2020-05-22 11:31 |
| Reporter | GuKKDevel | Assigned To | GuKKDevel | ||
| Priority | normal | Severity | feature | Reproducibility | have not tried |
| Status | needs feedback | Resolution | open | ||
| Summary | 0001432: since september, 8th, 2017 CAs must check DNS' CAA records | ||||
| Description | Dear Board, since september, 8th, 2017 CAs must check DNS' CAA records. This decision was taken in spring 2017 by CA/Browser forum which CAcert is member of. I can't see that this is already implemented in CAcert's signing software, therefore I would like to ask you to take care of. ..... BR, Alex. | ||||
| Additional Information | https://blog.qualys.com/ssllabs/2017/03/13/caa-mandated-by-cabrowser-forum German: https://www.golem.de/news/tls-zertifikate-zertifizierungsstellen-muessen-caa-records-pruefen-1709-129981.html | ||||
| Tags | browser, certificates, domain, server certificates | ||||
| Reviewed by | |||||
| Test Instructions | |||||
|
|
Solution wont work on WINDOWS Server as Parameter DNS_CAA is not defined at any Windows Server (date 2018-03-18) needed for PHP-function 'dns_get_record' * https://bugs.php.net/bug.php?id=75909 |
|
|
Mail from Benedict to Etienne: <snip> CAcert cannot be recorded as a full CA at the CABF, since it is not according to WebTrust or ETSI 319 411. The CABF activities therefore only affect CAcert if they will voluntarily submit to it. Working at CABF is currently neither useful nor advisable due to the number of resources available in CAcert. <snip> |
|
|
mail-correspondence: https://lists.cacert.org/wws/arc/cacert-policy/2018-03/msg00000.html https://lists.cacert.org/wws/arc/cacert-policy/2018-03/msg00001.html https://lists.cacert.org/wws/arc/cacert-policy/2018-03/msg00002.html |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2018-03-11 11:19 | GuKKDevel | New Issue | |
| 2018-03-11 11:19 | GuKKDevel | Tag Attached: organisation assurance | |
| 2018-03-11 11:20 | GuKKDevel | Tag Attached: server certificates | |
| 2018-03-11 11:21 | GuKKDevel | Tag Attached: certificates | |
| 2018-03-11 11:21 | GuKKDevel | Tag Attached: browser | |
| 2018-03-11 11:21 | GuKKDevel | Tag Attached: domain | |
| 2018-03-11 11:21 | GuKKDevel | Tag Attached: html | |
| 2018-03-11 11:25 | GuKKDevel | View Status | private => public |
| 2018-03-19 13:39 | GuKKDevel | Tag Detached: organisation assurance | |
| 2018-03-19 13:39 | GuKKDevel | Tag Detached: html | |
| 2018-03-19 13:39 | GuKKDevel | Assigned To | => GuKKDevel |
| 2018-03-19 13:42 | GuKKDevel | Note Added: 0005579 | |
| 2018-04-05 14:01 | GuKKDevel | Note Added: 0005580 | |
| 2018-04-05 14:02 | GuKKDevel | Status | new => needs feedback |
| 2018-11-01 12:12 | GuKKDevel | Note Added: 0005633 |
