[cabfpub] CAA concerns (and potential solutions)

Rob Stradling rob.stradling at comodo.com
Fri Oct 28 15:00:55 UTC 2016

On 28/10/16 15:48, Gervase Markham via Public wrote:
> On 28/10/16 15:28, Tim Hollebeek via Public wrote:
>> There also appeared to be a misunderstanding on the call that the CAA
>> spec requires bottom up checking in order to adhere to the requirements
>> of the spec, and this would preclude checking the top element first. 
>> This is false.
> https://datatracker.ietf.org/doc/rfc6844/?include_text=1 :
>    "The search for a CAA record climbs the DNS name tree from the
>    specified label up to but not including the DNS root '.'."
> I agree that in one sense that only says which records you look at in
> which order, not what order you fetch the candidate records in...

Neither does it say that you can't fetch all of the candidate records
concurrently.  ;-)

Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

More information about the Public mailing list