[cabfpub] no CAA authorizations -- RFC 6844
philliph at comodo.com
philliph at comodo.com
Thu Jun 22 14:47:15 UTC 2017
It was certainly the intention that presence of an issue prevents issue of wildcard certs.
I will re-read that section and report.
Meanwhile, I have had some comment on the discovery fixup and will rev that.
> On Jun 22, 2017, at 8:34 AM, Gervase Markham via Public <public at cabforum.org> wrote:
>
> On 22/06/17 06:42, y-iida--- via Public wrote:
>> <C> Likewise, when there are some relevant CAA records, but no
>> CAA with "issuewild" property tag at all for a certificate
>> domain, we will issue wildcard certificate for that domain.
>
> You should read RFC6844 carefully, but to my understanding, this is
> incorrect. If there is an "issue" property but no "issuewild" property,
> then the "issue" property also controls the issuance of wildcard certs.
> So you need to respect it in that case.
>
> Gerv
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
More information about the Public
mailing list