Skip to content

Commit

Permalink
Addresses cabforum#242 creating an exception for .onion domains, us…
Browse files Browse the repository at this point in the history 
…ing existing language from the opening section of 3.2.2.4.
  • Loading branch information
@dzacharo
dzacharo committed Jan 10, 2022
1 parent 3d30f6d commit cd275cb
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion docs/BR.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -986,7 +986,7 @@ Databases maintained by the CA, its owner, or its affiliated companies do not qu

#### 3.2.2.8 CAA Records

As part of the issuance process, the CA MUST check for CAA records and follow the processing instructions found, for each `dNSName` in the `subjectAltName` extension of the certificate to be issued, as specified in RFC 8659. If the CA issues, they MUST do so within the TTL of the CAA record, or 8 hours, whichever is greater.
When the FQDN does not contain "onion" as the rightmost Domain Label, as part of the issuance process, the CA MUST check for CAA records and follow the processing instructions found, for each `dNSName` in the `subjectAltName` extension of the certificate to be issued, as specified in RFC 8659. If the CA issues, they MUST do so within the TTL of the CAA record, or 8 hours, whichever is greater.

This stipulation does not prevent the CA from checking CAA records at any other time.

Expand Down

0 comments on commit cd275cb

Please sign in to comment.