[cabfpub] Ballot 187 - Make CAA Checking Mandatory

Doug Beattie doug.beattie at globalsign.com
Thu Feb 23 12:56:15 UTC 2017


Rob,

That is good news, thanks.  I'm looking forward to the additional information.

Doug

> -----Original Message-----
> From: Rob Stradling [mailto:rob.stradling at comodo.com]
> Sent: Thursday, February 23, 2017 6:23 AM
> To: CA/Browser Forum Public Discussion List <public at cabforum.org>; Doug
> Beattie <doug.beattie at globalsign.com>; Ryan Sleevi <sleevi at google.com>;
> Phillip Hallam-Baker <philliph at comodo.com>
> Subject: Re: [cabfpub] Ballot 187 - Make CAA Checking Mandatory
> 
> On 22/02/17 22:40, Ryan Sleevi via Public wrote:
> > On Wed, Feb 22, 2017 at 2:32 PM, Doug Beattie via Public wrote:
> >
> >     Several people have looked at RFC 6844 and have come away with
> >     different interpretations of what the processing means, so I HIGHLY
> >     recommend we include the CAA processing that MUST be performed so
> >     there is no ambiguity and so it's clear for auditors.  This includes
> >     statements like:
> >
> >
> > Hi Doug,
> >
> > This is and remains problematic, and it doesn't seem the previous
> > feedback was addressed. This is a bit like the recent remarks Virginia
> > shared with offering interpretation of legal matters - while it's
> > meant well, it introduces new problems.
> >
> > Perhaps you would consider filing IETF errata on what you think is
> > unclear? I'm sensitive to and appreciate the concern that technical
> > documents may be hard to understand; I think RFC5280 and the
> > (non-)compliance by CAs is ample evidence that no matter how
> > unambiguous things are, people will misinterpret and misunderstand.
> 
> Doug, Ryan,
> 
> I fully agree that https://tools.ietf.org/html/rfc6844#section-4 is confusing
> and needs to be revised.
> 
> My understanding of the CAA algorithm has at times been flawed, even after
> seeking clarification from Phill.  If a document confuses even its authors,
> then you know there's a problem!
> 
> Last week Phill told me he would write an erratum for RFC6844 section 4 this
> week.
> 
> --
> Rob Stradling
> Senior Research & Development Scientist
> COMODO - Creating Trust Online



