Ballot SC004: CAA Contact Property and Associated E-mail Validation Method

Ballot overview

• Ballot SC004 proposed adding a CAA contactemail property and an associated email-based domain validation method to the Baseline Requirements.
• The ballot page says the ballot was in the review period for more than 21 days and voting did not start, so the ballot failed under section 2.3c of the Bylaws.
• The page also says the motion was proposed by Tim Hollebeek of DigiCert and endorsed by Bruce Morton of Entrust and Doug Beattie of GlobalSign.

Proposed technical changes

• Add a new section for Email to DNS CAA Contact.
• Allow a CA to confirm applicant control of an FQDN by sending a Random Value by email to an address identified as a CAA contactemail property record.
• Allow one email to confirm control of multiple FQDNs when the DNS contactemail address is the same for each ADN being validated.
• Require the Random Value to be unique in each email, valid for no more than 30 days from creation, and optionally subject to a shorter CPS-defined validity period.
• Allow the email to be resent in full with the same Random Value only if the contents and recipient remain unchanged.
• State that once an FQDN is validated using this method, the CA may issue certificates for other FQDNs that end with all the labels of the validated FQDN.
• State that the method is suitable for validating wildcard domain names.
• Add Appendix B content defining DNS Contact Properties and the contactemail property.
• Require the contactemail parameter to be a valid RFC 6532 section 3.2 email address with no additional padding or structure.

Procedure and dates

• Discussion start: 2018-10-10 3:50pm Eastern
• Discussion end: Not before 2018-10-17 3:50pm Eastern
• Vote for approval start: TBD
• Vote for approval end: TBD

Outcome

• The ballot failed because voting did not start during the review period.
• No normative compliance date took effect because the ballot failed.