Acme CAA Extensions to Become Mandatory
The CA/Browser Forum has voted to make ACME CAA extensions mandatory starting in March 2027. This change aims to enhance cryptographic validation for certificate issuance, particularly for high-profile websites. The article discusses the importance of combining DNSSEC, ACME, and CAA to improve security in Web PKI.
- ▪The CA/Browser Forum's decision will require ACME CAA extensions to be implemented by March 2027.
- ▪This change is intended to provide stronger cryptographic validation for high-profile websites.
- ▪The article emphasizes the need for robust security measures in Web PKI, particularly through the integration of DNSSEC and CAA.
Opening excerpt (first ~120 words) tap to expand
Cryptography & Security Newsletter 137 ACME CAA Extensions to Become Mandatory 28 May 2026 Feisty Duck’s Cryptography & Security Newsletter is a periodic dispatch bringing you commentary and news surrounding cryptography, security, privacy, SSL/TLS, and PKI. It's designed to keep you informed about the latest developments in this space. Enjoyed every month by more than 50,000 subscribers. Written by Ivan Ristić. The CA/Browser Forum has voted to make ACME CAA extensions mandatory starting in March 2027. This change is one of the last remaining pieces needed to support strong, cryptographically-validated domain validation in Web PKI.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Feistyduck.
Discussion
0 commentsMore from Feistyduck
