CAA of the Wild: Supporting a New Standard

Cloudflare has removed the beta flag on DNS Certification Authority Authorization (CAA) Resource Record, allowing all users to add CAA records as they see fit without having to first contact support. The company began supporting the CAA in June 2017 behind a beta flag to observe how the presence of these records would affect SSL certificate issuance by publicly-trusted certification authorities. The beta period provided valuable insights into how CAA records have changed and will continue to change the commercial public-key infrastructure (PKI) ecosystem.