I published the following diary on isc.sans.edu: “Quick Status of the CAA DNS Record Adoption“:
In 2017, we already published a guest diary about “CAA” or “Certification Authority Authorization”. I was curious about the status of this technique and the adoption level in 2020. Has it been adopted massively since this diary? The initial RFC describing CAA has been issued in 2013 (RFC6844). Since 2019, it is obsolete and has been replaced by RFC8659. Just a quick reminder about the purpose of this DNS record. It is used to specify which certificate authority(ies) (CAs) is(are) allowed to issue certificates for a domain… [Read more]