[cabfpub] Results on Ballot 187 - Make CAA Checking Mandatory
Ryan Sleevi
sleevi at google.com
Wed Mar 15 18:42:10 UTC 2017
On Wed, Mar 15, 2017 at 2:17 PM, Rick Andrews via Public <
public at cabforum.org> wrote:
> Gerv,
>
> There's another "bug" that I hope you'll consider clarifying regarding
> iodef
> records.
>
> Part of the ballot says "CAs MUST process the issue, issuewild, and iodef
> property tags"
>
> Another part says " CAs... SHOULD dispatch reports of such issuance
> requests
> to the contact(s) stipulated in the CAA iodef record(s), if present."
>
> I assume you meant that CAs MUST dispatch reports to the contacts in iodef
> records, otherwise "processing" an iodef tag is the same as ignoring it.
>
Not quite.
A compliant CAA implementation MUST understand the semantics of these
fields and not break if they're marked critical. However, that does not
mean an implementation must do what is in that field - for example, sending
an iodef.
This is no different from X.509v3, so it should be very easy for CAs to
understand the concept.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170315/d6248ad0/attachment-0003.html>
More information about the Public
mailing list