A First Look at Certification Authority Authorization (CAA)

  title={A First Look at Certification Authority Authorization (CAA)},
  author={Quirin Scheitle and Taejoong Chung and Jens Hiller and Oliver Gasser and J. Naab and R. V. Rijswijk-Deij and O. Hohlfeld and Ralph Holz and D. Choffnes and A. Mislove and G. Carle},
  journal={Comput. Commun. Rev.},
Shaken by severe compromises, the Web’s Public Key Infrastructure has seen the addition of several security mechanisms over recent years. One such mechanism is the Certification Authority Authorization (CAA) DNS record, that gives domain name holders control over which Certification Authorities (CAs) may issue certificates for their domain. First defined in RFC 6844, adoption by the CA/B forum mandates that CAs validate CAA records as of September 8, 2017. The success of CAA hinges on the… Expand
An empirical survey on the early adoption of DNS certification authority authorization
AuthLedger: A Novel Blockchain-based Domain Name Authentication Scheme
Domain Impersonation is Feasible: A Study of CA Domain Validation Vulnerabilities
The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem