5.6. Abuse of the Critical Flag
A CA could make use of the critical flag to trick customers into publishing records that prevent competing CAs from issuing certificates even though the customer intends to authorize multiple providers. This could happen if the customers were setting CAA records based on data provided by the CA rather than generating those records themselves.
In practice, such an attack would be of minimal effect, since any competent competitor that found itself unable to issue certificates due to lack of support for a Property marked critical should investigate the cause and report the reason to the customer. The customer will thus discover that they had been deceived.
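As an added example (not part of the original text), a customer can check CA-supplied CAA records before publishing them: the code below parses records in zone-file form and reports any that set the critical flag on a property tag outside `issue`, `issuewild` and `iodef`. The tag allowlist, the `vendorpolicy` and `futuretag` tags, and the sample records are constructed assumptions.

```python
import re

# Assumption: only these three tags are understood by every CA the customer
# may want to use; a critical flag on any other tag can block the rest.
WIDELY_UNDERSTOOD = {"issue", "issuewild", "iodef"}
CRITICAL = 0x80  # Issuer Critical flag: most significant bit of the flags byte

# Zone-file presentation form: [owner] [ttl] [IN] CAA <flags> <tag> <value>
CAA_RE = re.compile(
    r'\bCAA\s+(?P<flags>\d{1,3})\s+(?P<tag>[A-Za-z0-9]+)\s+'
    r'(?P<value>"(?:[^"\\]|\\.)*"|\S+)', re.IGNORECASE)

def parse_caa(line):
    """Return (flags, tag, value) for one CAA record line, else None."""
    line = line.strip()
    if not line or line.startswith(";"):
        return None
    m = CAA_RE.search(line)
    if m is None:
        return None
    flags = int(m.group("flags"))
    if flags > 255:
        raise ValueError(f"flags out of range: {line!r}")
    value = m.group("value")
    if value.startswith('"'):
        value = value[1:-1]
    return flags, m.group("tag").lower(), value  # tags match case-insensitively

def review(records_text):
    """List (tag, flags, value) for critical records with a non-standard tag."""
    findings = []
    for line in records_text.splitlines():
        rec = parse_caa(line)
        if rec is None:
            continue
        flags, tag, value = rec
        if flags & CRITICAL and tag not in WIDELY_UNDERSTOOD:
            findings.append((tag, flags, value))
    return findings

# Constructed sample: records as a CA's setup instructions might suggest them.
SAMPLE = '''
example.com. 3600 IN CAA 0 issue "ca-one.example"
example.com. 3600 IN CAA 0 issue "ca-two.example"
example.com. 3600 IN CAA 128 issue "ca-one.example; account=1234"
example.com. 3600 IN CAA 128 vendorpolicy "ca-one.example"
example.com. 3600 IN CAA 0 futuretag "x"
'''

if __name__ == "__main__":
    for tag, flags, value in review(SAMPLE):
        print(f"critical flag on non-standard tag {tag!r} (flags={flags}): {value!r}")
```

A critical flag on a standard tag, or an unknown tag without the critical flag, is not reported, since neither prevents a CA that lacks support for the tag from issuing.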