Buypass not sending CAA violation reports (IODEF)

Hi,

In the Buypass documentation on CAA, it says that Buypass will send reports via email in IODEF format when a CAA policy violation occurs:

Buypass uses iodef and will report certificate applications for which Buypass is not authorised by using the email address in the mailto: element in iodef.

The exact part that I am referencing is this page, right at the bottom of the "How CAA Works" section.

However, despite attempting to issue multiple Buypass certificates that are in violation of my domain's CAA policy, I have not received a CAA violation report.

The FQDN that I attempted to issue the certificates for is `test.jamiescaife.uk`, which has the following CAA policy (raw DNS records):

test.jamiescaife.uk.    120    IN    CAA    0 issue ";"
test.jamiescaife.uk.    120    IN    CAA    0 iodef "mailto:jamie@jamieweb.net"

Please could anybody advise as to whether Buypass does actually support CAA violation reporting via email as is noted in the documentation?

Would it also be possible for an IODEF schema to be published, to make it easier for reports to be processed automatically?

I am carrying out research on CAA, and I was attracted to Buypass specifically because you are reportedly one of the very few CAs who send CAA violation reports.

Thanks for your help,

Jamie
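
The check a CA performs against the policy quoted in this post, as an added example that is not part of the original post and is not Buypass's code: it parses the two records, applies the RFC 8659 rules for a non-wildcard name, and returns the iodef URLs a refused request would be reported to. It assumes the RRset shown is the relevant one for the name; the function names and the issuer domain `buypass.com` are assumptions.

```python
import shlex

# The two CAA records quoted in the post, in zone-file presentation format.
RRSET = """
test.jamiescaife.uk.    120    IN    CAA    0 issue ";"
test.jamiescaife.uk.    120    IN    CAA    0 iodef "mailto:jamie@jamieweb.net"
"""

KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def parse_caa(text):
    """Parse presentation-format CAA records into (flags, tag, value) tuples."""
    records = []
    for line in text.strip().splitlines():
        fields = shlex.split(line)  # shlex unquotes the property value
        i = fields.index("CAA")
        flags, tag, value = fields[i + 1 : i + 4]
        records.append((int(flags), tag.lower(), value))
    return records


def evaluate(records, ca_domain):
    """Return (allowed, report_to) for a non-wildcard name under this RRset."""
    # A critical property (flag bit 128) with an unrecognised tag blocks issuance.
    blocked = any(f & 128 and t not in KNOWN_TAGS for f, t, _ in records)
    issue_values = [v for _, t, v in records if t == "issue"]
    # Text before the first ";" is the issuer domain; anything after is parameters.
    issuers = [v.split(";", 1)[0].strip().lower() for v in issue_values]
    # With no issue property at all, the RRset does not restrict issuance.
    allowed = not blocked and (not issue_values or ca_domain.lower() in issuers)
    # A refused request is reported to every iodef URL in the RRset.
    report_to = [] if allowed else [v for _, t, v in records if t == "iodef"]
    return allowed, report_to


if __name__ == "__main__":
    # "buypass.com" as the CA's issuer domain name is an assumption.
    print(evaluate(parse_caa(RRSET), "buypass.com"))
```
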

    • maov
    • 4 yrs ago

    Hello.  Sorry for the issue you are experiencing.
    Initial survey in our systems shows that your requests on the 9th and 10th of February were denied on the basis of a not authorized CAA status.

    Why you have not received a mail I can't currently answer, and I've forwarded this issue to the rest of the ACME team and flagged it as a prioritised issue.

    Best regards Magnus

  • Bug is registered. There is a problem with sending out the actual email in the case of CAA reject where iodef is set.

    -Mats

  • Thank you for confirming the bug.

    Are you also able to provide me with an IODEF schema to allow for the automated handling of reports? Or even just an example report in IODEF format?

      • maov
      • 4 yrs ago

      Jamie Scaife We've now posted the template here.

      https://community.buypass.com/t/h7hqcpz

    • Magnus That's brilliant, thank you.

      Do you have any plans to send reports in IODEF format, as is defined in the CAA specification? I'd really like to see this including a published schema if possible.

      Having a template specifically for Buypass is great, but this is not scalable for automatic processing, as each CA will have their own template format.

    • Hi Jamie Scaife

      We do not currently have any plans to send IODEF incident reports as defined in the CAA specification. However, as this could have value for the wider ecosystem, we will add this as a feature that we should support.

      Regards,

      Andriy

  • This bug is now fixed. It is released to our test and production environment today.

    -Mats

    • Mats Kongssund Brilliant, thank you. :)


Buypass Official Community

This is the official community of Buypass.  A Root CA located in Norway.
