[cabfpub] CAA concerns (and potential solutions)
rob.stradling at comodo.com
Fri Oct 28 15:00:55 UTC 2016
On 28/10/16 15:48, Gervase Markham via Public wrote:
> On 28/10/16 15:28, Tim Hollebeek via Public wrote:
>> There also appeared to be a misunderstanding on the call that the CAA
>> spec requires bottom up checking in order to adhere to the requirements
>> of the spec, and this would preclude checking the top element first.
>> This is false.
> https://datatracker.ietf.org/doc/rfc6844/?include_text=1 :
> "The search for a CAA record climbs the DNS name tree from the
> specified label up to but not including the DNS root '.'."
> I agree that in one sense that only says which records you look at in
> which order, not what order you fetch the candidate records in...
Neither does it say that you can't fetch all of the candidate records
Senior Research & Development Scientist
COMODO - Creating Trust Online
More information about the Public