Skip to content

Comments

Don't ignore unrecognized CAA parameters#8620

Draft
aarongable wants to merge 1 commit intomainfrom
stricter-caa-params
Draft

Don't ignore unrecognized CAA parameters#8620
aarongable wants to merge 1 commit intomainfrom
stricter-caa-params

Conversation

@aarongable
Copy link
Contributor

Note

This is a simpler alternative to #8616. Creating this PR as a draft for the sake of discussion.

If a CAA record contains any parameters which we don't recognize, we shouldn't simply ignore them. The parameters are likely there because the user wants some particular protection, and we might be violating their security expectations by ignoring that parameter.

This includes simply mis-capitalized versions of recognized parameters, such as "AccountURI" or "validationMethods". We do not see these mis-capitalizations in practice, so we do not expect this to be a breaking change for any existing users. By putting this in place now, we will prevent any future proliferation of accidentally-miscapitalized parameters.

Fixes #8614

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

caa issue/issuewild parameter tags: mixed-case accounturi/validationmethods treated as absent

1 participant