I suggest you ...

Add DNS CAA support to the DNS manager

I would like to see an implemention to support DNS CAA in DOs DNS controllpanel.

DNS Certification Authority Authorization (CAA) uses the Internet's Domain Name System to specify which certificate authorities may be regarded as authoritative for a domain. This is intended to support additional cross-checking at the client end of TLS connections to attempt to prevent certificates issued by CAs other than the specified CAs from being used to spoof the identity of websites or perform man-in-the-middle attacks on them.

If we would run a certain CA on our websites, we can specify that in our DNS settings and the security is enhanced for our website when it comes to possible MitM.

Thanks!

531 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Tobias EhlertTobias Ehlert shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    53 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Anonymous commented  ·   ·  Flag as inappropriate

        Any update other than "Gathering Feedback?" This "feature" is mandatory for TLS/SSL certificate issuance as of September 2017.

      • Alistair MacDonaldAlistair MacDonald commented  ·   ·  Flag as inappropriate

        This is really great news!! Thanks Rafael.

        > "We are working on a plan to deliver this feature. We don’t have an official announcement yet, but expect some updates soon. Thanks for your feedback and support."

      • Evgeni VachkovEvgeni Vachkov commented  ·   ·  Flag as inappropriate

        --- Email received today from DigitalOcean Support Team in response of my support request ---

        Hello Evgeni,

        Thank you for reaching out to us.

        I apologize for the inconvenience that this is causing, but at this time we do not have an ETA on when CAA will be supported. We appreciate your understanding on this and I am sorry that we haven't been able to provide you with more detailed information at this point.

        We would hate to see you go, but we also understand that you have business needs that need to be met. If we have any updates in regards to plans to support CAA, our product team will update the UserVoice page with any evolving information.

        I hope this information is helpful. Please let us know if you have any additional questions!

        Regards,

        Haley
        Platform Support Specialist
        DigitalOcean

      • Evgeni VachkovEvgeni Vachkov commented  ·   ·  Flag as inappropriate

        All, would reccomend everyone opens a ticket with Digital Ocean support team by end of this week. I am sure they will notice the 200+ support tickets coming all at once :-D

      • Anonymous commented  ·   ·  Flag as inappropriate

        +1

        less than 5 months left for DO to implement this. use becomes mandatory worldwide September 2017.

      • RonRon commented  ·   ·  Flag as inappropriate

        +1

        Especially since it will shortly (9/8/2017) become mandatory for CAs to check for a CAA record before issuing a cert. This will affect all of us who use LetsEncrypt issued certs since they are renewed every 90 days. Please implement DNS CAA records so we can all be compliant and safe. Thanks.

      ← Previous 1 3

      Feedback and Knowledge Base