[cabfpub] Ballot 187 - Make CAA Checking Mandatory

Gervase Markham gerv at mozilla.org
Tue Feb 28 09:37:48 UTC 2017

On 27/02/17 21:23, Ryan Sleevi via Public wrote:
>      1. As discussed on Twitter with Gerv and Jacob, there's no easy or
>         unambiguous way to automate this lookup. Relatedly, I am a fan
>         of Ryan's suggestion on making the CPS be machine-readable so
>         these CAA values can be extracted by code rather than humans.

I wonder whether making all CPSes machine-readable is a bit of overkill.

I've been pondering the need for a central registry of security contact
information for CAs. Perhaps that could also have a column for the
domain names that CA recognises as permitting it to issue when present
in a CAA record. It shouldn't be too hard to make this list human-readable.

We will seek this information for each CA in our program using our next
CA Communication.


More information about the Public mailing list