Domain owners can now publish phone numbers in CAA DNS records to perform validation
The CA/B Forum, the SSL industry regulator, adopted Ballot SC19 by a majority of votes. Domain owners can now publish phone numbers in CAA DNS records, which are used to perform validation.
The "Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates" have been changed; we will discuss the changes at a later date.
Added section 3.2.2.4.17
This section defines the rules for phone contact using the number published in the DNS CAA records.
According to section 3.2.2.4.17, the certification authority can confirm the applicant's control over the domain name by calling the number specified in the DNS CAA record. Several domain names can be confirmed during one phone call if the same phone number was specified for them.
Validation of the domain name can also be carried out via voicemail: the certification authority sends the random verification value, which must be returned to the authority in order to pass verification. A random value should be valid for no more than 30 days from the moment of its creation.
The method is also suitable for validation of wildcard domains.
Added section B.1.2
This section describes the CAA contactphone property and its syntax. The property takes a phone number as its value. The value should be a global number, as defined in section 5.1.4 of RFC 3966. Global numbers start with a "+" symbol and include a country code. Numbers can also contain visual separators.
Example:
$ORIGIN example.com.
CAA 0 contactphone "+1 (555) 123-4567"
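The following Python code is an added example, not part of the Baseline Requirements or of the original article. It checks contactphone values against the global-number rule described above, groups domains that publish the same number so they can be confirmed in one call, and applies the 30-day limit to a random value. All function names and sample records are hypothetical, and accepting spaces as separators is an assumption based on the example record above.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# "+" followed by digits and RFC 3966 visual separators "-", ".", "(", ")".
# Assumption: spaces are tolerated too, because the page's example uses them.
GLOBAL_NUMBER = re.compile(r"\+[0-9\-.() ]*[0-9][0-9\-.() ]*")
RANDOM_VALUE_MAX_AGE = timedelta(days=30)  # limit stated in the article

# Constructed sample data: (domain, CAA tag, CAA value)
SAMPLE_RECORDS = [
    ("example.com", "contactphone", "+1 (555) 123-4567"),
    ("shop.example.com", "contactphone", "+1.555.123.4567"),
    ("example.net", "contactphone", "555-123-4567"),  # not global: no "+"
    ("example.org", "issue", "ca.example"),           # unrelated CAA tag
]


def normalize_contactphone(value):
    """Return '+<digits>' for a global number, or None if it is not one."""
    value = value.strip()
    if not GLOBAL_NUMBER.fullmatch(value):
        return None
    return "+" + "".join(ch for ch in value if ch in "0123456789")


def group_by_phone(records):
    """Group domains by normalized number; also return the rejected values."""
    groups, rejected = defaultdict(list), []
    for domain, tag, value in records:
        if tag.lower() != "contactphone":  # CAA tags match case-insensitively
            continue
        number = normalize_contactphone(value)
        if number is None:
            rejected.append((domain, value))
        else:
            groups[number].append(domain)
    return dict(groups), rejected


def random_value_usable(created, now):
    """True while the random value is at most 30 days old."""
    return timedelta(0) <= now - created <= RANDOM_VALUE_MAX_AGE


if __name__ == "__main__":
    issued = datetime(2019, 1, 1, tzinfo=timezone.utc)  # constructed timestamp
    print(group_by_phone(SAMPLE_RECORDS))
    print(random_value_usable(issued, issued + timedelta(days=31)))
```

Normalizing before grouping matters because the same number can be published with different separators for different domains.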