← CABF Ballot Browser
SC-013 passed

Ballot SC013: CAA Contact Property and Associated E-mail Validation Methods

Server Certificate Working Group

Key dates

Voting opened
17 Dec 2018 7 years ago
Voting closed
24 Dec 2018 7 years ago
Discussion opened
10 Dec 2018 7 years ago
Discussion closed
17 Dec 2018 7 years ago

Resources

GitHub diff https://github.com/cabforum/documents/compare/Ballot-SC4---CAA-CONTACT-email?diff=unified&expand=1 https://github.com/cabforum/documents/compare/Ballot-SC4—CAA-CONTACT-email?diff=unified&expand=1

AI Summary

Generated 2026-06-23 21:24 UTC

Ballot outcome

  • Ballot SC013 passed.
  • The page states the voting period ended and the ballot passed.
  • Voting by Certificate Issuers: 20 yes, 1 no, 0 abstain, with 95% in favor.
  • Voting by Certificate Consumers: 4 yes, 0 no, 0 abstain, with 100% in favor.
  • The page states the bylaw approval requirements were met and quorum was met.

What the ballot changes

  • Adds new definitions for DNS CAA Email Contact and DNS TXT Record Email Contact.
  • Adds a new validation method, Email to DNS CAA Contact, which validates control of an FQDN by sending a Random Value by email to a DNS CAA Email Contact and receiving a confirming response.
  • Adds a new validation method, Email to DNS TXT Contact, which validates control of an FQDN by sending a Random Value by email to a DNS TXT Record Email Contact and receiving a confirming response.
  • Adds Appendix B, DNS Contact Properties, to let domain owners publish contact information in DNS for validating domain control.
  • Defines the CAA contactemail property and the DNS TXT record email contact format.

Validation and use rules

  • The Random Value must be unique in each email.
  • The email may be resent with the same Random Value only if the contents and recipients remain unchanged.
  • The Random Value remains valid for no more than 30 days from creation, unless the CPS specifies a shorter period.
  • A single email may confirm control of multiple FQDNs if each recipient address is a valid contact for each Authorization Domain Name being validated.
  • After validation, the CA may issue certificates for other FQDNs that end with all the labels of the validated FQDN.
  • The methods are suitable for validating Wildcard Domain Names.
  • The CAA contactemail property may be marked critical if the domain owner does not want CAs that do not understand it to issue certificates for the domain.
  • The DNS TXT record must be placed on the _validation-contactemail subdomain of the domain being validated.

Procedure and dates

  • Discussion period: 2018-12-10 17:30 Eastern to not before 2018-12-17 17:30 Eastern.
  • Vote for approval: 2018-12-17 19:00 Eastern to 2018-12-24 19:00 Eastern.
  • The page does not provide an explicit normative effective date for the requirements in the supplied evidence.
Model: gpt-5.4-mini Confidence: 0.98 Result: passed
Voting opened
2018-12-17
Voting closed
2018-12-24
Discussion opened
2018-12-10
Discussion closed
2018-12-17

AI-generated from the CABF ballot page. The official CABF article remains the authoritative source.

Vote result

0 Yes
0 No
0 Abstain

Proposers

Tim Hollebeek of DigiCert and endorsed by Bruce Morton of Entrust and Doug Beattie of GlobalSign.

Excerpt

SearchHome » All CA/Browser Forum Posts » Ballot SC013: CAA Contact Property and Associated E-mail Validation MethodsBallot SC013: CAA Contact Property and Associated E-mail Validation MethodsThe voting period for Ballot SC13 has ended and the Ballot has Passed. Here are the results:

View on cabforum.org → Last fetched 15 hours ago

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action