[lmz]

If this is now finally supported that's great. The issue was that for it to be useful it has to be marked critical / fail-closed, because a CA with ignored name constraint == an unrestricted CA. But if you make it critical, then clients who don't understand it will just fail. You can see how this doesn't help adoption.

[westurner]

It says "Proposed Standard" on the RFC; maybe that's why it's not widely implemented if that's the case?

https://bettertls.com/ has Name Constraints implementation validation tests, but "Archived Results" doesn't seem to have recent versions of SSL clients listed?

  nameConstraints=critical,

DNS Certification Authority Authorization: https://en.wikipedia.org/wiki/DNS_Certification_Authority_Au... :

> Registrants publish a "CAA" Domain Name System (DNS) resource record which compliant certificate authorities check for before issuing digital certificates.

And hopefully they require DNSSEC signatures and DoH/DoT/DoQ when querying for CAA records.

[lmz]

Name Constraints has been around at least since 1999 (RFC 2459).

I'm not sure why CAA is brought up here. I guess it is somewhat complementary in "reducing" the power of CAs, but it defends against good CAs misissuing stuff, not limiting the power of arbitrary CAs (as it's checked at issuance time, not at time of use).

[tptacek]

CAA does not require DNSSEC or DOH.