Should CAA check recurse?
AndyA opened this issue · 2 comments
AndyA commented
According to RFC 6844 a certificate authority should search up the DNS hierarchy for a CAA record:
https://tools.ietf.org/html/rfc6844#page-7
Currently twa only checks the actual domain name.
woodruffw commented
Yes, definitely! That's a bug.
I'll get around to it at some point, but a PR would be greatly appreciated.
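Added example, not part of the issue thread and not twa's code: the parent-climbing lookup the issue describes, written in shell and run against a constructed record table so it works offline. The names `SAMPLE_CAA`, `caa_query`, `caa_candidates` and `caa_relevant_set` are hypothetical, and the CNAME/DNAME alias step that RFC 6844 also defines is left out.

```shell
# Constructed sample data: "owner|CAA rdata" lines standing in for DNS answers.
SAMPLE_CAA='example.com|0 issue "ca.example.net"
internal.example.org|0 issue ";"'

# Hypothetical resolver stub: print the CAA rdata published at exactly one name.
# Assumption: a live check would swap this for a real lookup, e.g. dig +short CAA "$1".
caa_query() {
  printf '%s\n' "$SAMPLE_CAA" | awk -F'|' -v n="$1" '$1 == n { print $2 }'
}

# Print the names to query, most specific first, ending at the top-level label.
caa_candidates() {
  name=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  name=${name#\*.}   # a wildcard request *.X is checked as X
  name=${name%.}     # drop a trailing root dot
  while [ -n "$name" ]; do
    printf '%s\n' "$name"
    case $name in
      *.*) name=${name#*.} ;;   # strip the leftmost label to get the parent
      *)   break ;;             # single label left: stop, never query the root
    esac
  done
}

# Climb until some name publishes a non-empty CAA set; print "owner<TAB>rdata".
# Returns 1 when no name on the path has CAA, i.e. issuance is unrestricted.
caa_relevant_set() {
  for candidate in $(caa_candidates "$1"); do
    records=$(caa_query "$candidate")
    if [ -n "$records" ]; then
      printf '%s\n' "$records" | while IFS= read -r rdata; do
        printf '%s\t%s\n' "$candidate" "$rdata"
      done
      return 0
    fi
  done
  return 1
}

# Checking only the leaf name would report "no CAA" for the first two hosts.
for host in www.shop.example.com db.internal.example.org host.example.test; do
  caa_relevant_set "$host" || printf '%s\tno CAA on any parent\n' "$host"
done
```

The owner name in the first column shows which ancestor actually supplied the policy, which is the detail a leaf-only check misses.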