English

A Call to Reconsider Certification Authority Authorization (CAA)

Cryptography and Security 2026-02-06 v1 Networking and Internet Architecture

Abstract

Certification Authority Authentication (CAA) is a safeguard against illegitimate certificate issuance. We show how shortcomings in CAA concepts and operational aspects undermine its effectiveness in preventing certificate misissuance. Our discussion reveals pitfalls and highlights best practices when designing security protocols based on DNS.

Keywords

Cite

@article{arxiv.2411.07702,
  title  = {A Call to Reconsider Certification Authority Authorization (CAA)},
  author = {Pouyan Fotouhi Tehrani and Raphael Hiesgen and Thomas C. Schmidt and Matthias Wählisch},
  journal= {arXiv preprint arXiv:2411.07702},
  year   = {2026}
}

Comments

9 pages, 4 figures

R2 v1 2026-06-28T19:56:53.073Z