@article{thsw-crcaa-25,
  author = {Pouyan Fotouhi Tehrani and Raphael Hiesgen and Thomas C. Schmidt and Matthias W{\"a}hlisch},
  title = {{A Call to Reconsider Certification Authority Authorization (CAA)}},
  journal = {IEEE Security \& Privacy},
  pages = {},
  volume = {},
  number = {},
  year = {2025},
  abstract = {Certification Authority Authentication (CAA) is a safeguard against illegitimate certificate issuance. We show how shortcomings in CAA concepts and operational aspects undermine its effectiveness in preventing certificate misissuance. Our discussion reveals pitfalls and highlights best practices when designing security protocols based on DNS.},
  doi = {10.1109/MSEC.2025.3531232},
  url = {https://doi.org/10.1109/MSEC.2025.3531232},
  file = {../papers/thsw-crcaa-25.pdf},
  theme = {nsec|imeasurement|nmgmt},
  note = {accepted for publication},
}