New Mandatory CAA Checking on the Horizon
Certification Authority Authorization (CAA) allows a domain owner to specify in their DNS or DNSSec which Certification Authority (CA) is authorized to issue certificates to their domain. The new CAA policy has now been defined by the CA/Browser forum and is scheduled to take effect September 8, 2017. CAA may be the best way to protect domain owners from having fraudulent certificates issued in their domain name. This has become increasingly important with the proliferation of unauthorized DV certificates.