[cabfpub] Continuing the discussion on CAA
sleevi at google.com
Wed Oct 26 15:52:24 UTC 2016
On Oct 25, 2016 10:38 PM, "Eneli Kirme via Public" <public at cabforum.org>
> In practice CAA record are subject to be manipulated by UI provided by
DNS records management. We have no way to control it and once there is a
“default” listed for customer convenience then the damage for fair market
has been placed. Without actually much thinking customers make a business
decision of one area in the context of another without much thinking about
> Can we from CABForum somehow protect against such “defaults”?
This has been discussed rather at length over the past two years. In Rick's
slides from past meetings, you can find the discussion of differences
between Kirk Hall and I on this, with Gervase supporting the position I put
forward: No, we cannot.
I appreciate the concern, but I believe it is largely hypothetical, I
believe that as a concern it prevents real security without any
demonstrable risk, and should the situation ever arise in reality, we can
actually evaluate it rather than the hypothetical.
But I do want to highlight that this argument has been used against CAA
since 2011, as the archives show, was previously made by Kirk Hall, and
otherwise has prevented progress by raising the spectre of an issue without
any real evidence.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public