From 675a11550b41cb3c3e7a48d82a09cb51bfe53cfa Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Mon, 26 Mar 2018 16:40:51 -0700 Subject: [PATCH] Clarify RRsets with no issue/issuewild. --- draft-ietf-lamps-rfc6844bis.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/draft-ietf-lamps-rfc6844bis.md b/draft-ietf-lamps-rfc6844bis.md index ef535f9..054baa9 100644 --- a/draft-ietf-lamps-rfc6844bis.md +++ b/draft-ietf-lamps-rfc6844bis.md @@ -480,6 +480,11 @@ CAA authorizations are additive; thus, the result of specifying both the empty issuer and a specified issuer is the same as specifying just the specified issuer alone. +A non-empty CAA record set that contains no issue or issuewild property tags +is authorization to any certificate issuer to issue for the corresponding +domain, provided that no records in the CAA record set otherwise prohibit +issuance. + An issuer MAY choose to specify issuer-parameters that further constrain the issue of certificates by that issuer, for example, specifying that certificates are to be subject to specific validation
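Review bot: The closing condition of the added paragraph, "provided that no records in the CAA record set otherwise prohibit issuance", does not say which records can prohibit issuance in a set that by definition has no issue or issuewild tag, so a CA implementer reading this paragraph alone cannot tell when the authorization fails to apply. Name the prohibiting case here or cross-reference the section that defines it. Two smaller wording points in the same paragraph: "contains no issue or issuewild property tags" reads more clearly as "contains neither issue nor issuewild property tags", and the sentence states an authorization without any normative keyword, while the unchanged context line that follows uses "MAY", so consider whether this text is meant to be normative and phrase it to match.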