#7802 [RFE] Add CAA support in FreeIPA DNS
Closed: duplicate 5 years ago Opened 5 years ago by internux.

Request for enhancement

As an admin, I would like to be able to limit the valid Certificate Authorities using the DNS record "CAA": https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization

This record type allows listing the allowed authority for a given name, providing another way to ensure no one can actually fake the website/service, especially when we use DNSSEC for the zone file in order to avoid spoofing/poisoning.

Thank you!


CAA is defined in https://tools.ietf.org/html/rfc6844 .

bind-dyndns-ldap doesn't support CAA records yet. The LDAP attribute definition should look like this:

attributeTypes: ( 1.3.6.1.4.1.2428.20.1.257 
 NAME 'CAARecord' 
 DESC 'Certification Authority Restriction, RFC 6844'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 
 EQUALITY caseIgnoreIA5Match 
 SUBSTR caseIgnoreIA5SubstringsMatch )

Metadata Update from @rcritten:
- Issue close_status updated to: duplicate
- Issue status updated to: Closed (was: Open)

5 years ago
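
How a CA would evaluate a CAA record set under RFC 6844, as an added example that is not part of this ticket or of FreeIPA or bind-dyndns-ldap code. It assumes record values are written in zone-file presentation form (`flags tag "value"`), uses constructed sample records, and skips the climb up the DNS tree that locates the relevant record set.

```python
import shlex
from typing import NamedTuple

KNOWN_TAGS = {"issue", "issuewild", "iodef"}
CRITICAL = 0x80  # "issuer critical" flag bit

# Constructed sample record set for a hypothetical zone.
SAMPLE_RRSET = [
    '0 issue "ca.example.net; account=12345"',
    '0 issuewild ";"',
    '0 iodef "mailto:security@example.com"',
]

class CAA(NamedTuple):
    flags: int
    tag: str
    value: str

def parse_caa(text: str) -> CAA:
    """Parse one record in presentation form: <flags> <tag> <value>."""
    parts = shlex.split(text)
    if len(parts) != 3:
        raise ValueError(f"expected 3 fields, got {len(parts)}: {text!r}")
    flags = int(parts[0])
    if not 0 <= flags <= 255:
        raise ValueError("flags must fit in one octet")
    tag = parts[1].lower()  # tag matching is case-insensitive
    if not (tag.isascii() and tag.isalnum()):
        raise ValueError(f"invalid tag {parts[1]!r}")
    return CAA(flags, tag, parts[2])

def issuer_domain(value: str) -> str:
    """Issuer domain of an issue/issuewild value; parameters after ';' are dropped."""
    return value.split(";", 1)[0].strip().lower().rstrip(".")

def issuance_allowed(records, ca_domain: str, wildcard: bool = False) -> bool:
    rrset = [parse_caa(r) for r in records]
    # An unrecognised property with the critical bit set forbids issuance.
    if any(r.flags & CRITICAL and r.tag not in KNOWN_TAGS for r in rrset):
        return False
    issue = [r for r in rrset if r.tag == "issue"]
    wild = [r for r in rrset if r.tag == "issuewild"]
    # For wildcard requests, issuewild takes precedence over issue when present.
    relevant = wild if (wildcard and wild) else issue
    if not relevant:
        return True  # nothing in the set restricts this request
    wanted = ca_domain.lower().rstrip(".")
    return any(issuer_domain(r.value) == wanted for r in relevant)
```

With the sample set, `ca.example.net` may issue for the plain name, no CA may issue a wildcard, and an empty record set leaves issuance unrestricted.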
