DNS Certification Authority Authorization

DNS Certification Authority Authorization (CAA) is an Internet security policy mechanism for domain name registrants to indicate to certificate authorities whether they are authorized to issue digital certificates for a particular domain name. Registrants publish a "CAA" Domain Name System (DNS) resource record which compliant certificate authorities check for before issuing digital certificates.

CAA was drafted by computer scientists Phillip Hallam-Baker and Rob Stradling in response to increasing concerns about the security of publicly trusted certificate authorities. It is an Internet Engineering Task Force (IETF) proposed standard.