Re: Certificate Authority Authorization (CAA)

[Frank Barton <bartonf () HUSSON EDU>]

Nadim, YES, I also strongly setting up something to monitor Certificate
Transparency reports to monitor for certificates being issued

Frank

On Thu, Oct 1, 2020 at 2:55 PM Nadim El-Khoury <nel-khoury () springfield edu>
wrote:

> Hi Ken, Frank,
>
> Thank you for the feedback.
> Do you recommend that it gets implemented?
>
> Best,
>
> Nadim
>
> On Thu, Oct 1, 2020 at 1:32 PM Johnson, Ken <kenjohnson () letu edu> wrote:
>
> > We set one up a couple years back – we have it limited to our legacy
> > external CA provider as well as LetsEncrypt and have wildcards turned off.
> >
> >
> >
> > We used to have challenges with external providers wanting to be added
> > and we did some host-based CAA stuff that worked with extra effort – but
> > these days I think all our external vendors use LE so there aren’t really
> > any issues anymore.
> >
> >
> >
> > *Ken Johnson *
> >
> > Chief Information Officer
> >
> > [o] 903.233.3500
> >
> > [w] www.letu.edu *| *[t] @letuit
> > <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fletuit&data=02%7C01%7C%7C0eac38a07f824368e8b908d5fca3c6a4%7C97a5855489f64d5a9806dd0ee085d235%7C1%7C0%7C636692702694986109&sdata=eDbAGos5PRiB%2B6%2B1fIoxbE8l%2FHstj0zh61ZboGHIiIc%3D&reserved=0>
> >
> >
> >
> >
> >
> >
> >
> > *From:* The EDUCAUSE Security Community Group Listserv <
> > SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Nadim El-Khoury
> > *Sent:* Monday, September 28, 2020 1:39 PM
> > *To:* SECURITY () LISTSERV EDUCAUSE EDU
> > *Subject:* [SECURITY] Certificate Authority Authorization (CAA)
> >
> >
> >
> > Hi Everyone,
> >
> >
> >
> > Has anyone setup Certificate Authority Authorization (CAA) for their
> > domain?
> >
> > If you did, did it work as expected or ran into issues?
> >
> >
> >
> > Best,
> >
> >
> >
> > Nadim
> >
> > **********
> > Replies to EDUCAUSE Community Group emails are sent to the entire
> > community list. If you want to reply only to the person who sent the
> > message, copy and paste their email address and forward the email reply.
> > Additional participation and subscription information can be found at
> > https://www.educause.edu/community
> > <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ckenjohnson%40LETU.EDU%7C91ecbe59b5624ab1fc6808d863ddda10%7C97a5855489f64d5a9806dd0ee085d235%7C1%7C1%7C637369151800212099&sdata=JB2rwKAT8RIWAWF6282rGbwEaxTVB79lrHPY9YlcHnc%3D&reserved=0>
> >
> > **********
> > Replies to EDUCAUSE Community Group emails are sent to the entire
> > community list. If you want to reply only to the person who sent the
> > message, copy and paste their email address and forward the email reply.
> > Additional participation and subscription information can be found at
> > https://www.educause.edu/community
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community


-- 
Frank Barton, MBA
Security+, ACMT, MCP
IT Systems Administrator
Husson University
PGP Key Fingerprint: 0249DC644EC78D2F6B5CD2C6C94D3EDB57946437

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community