[cabfpub] Results on Ballot 187 - Make CAA Checking Mandatory
y-iida at secom.co.jp
y-iida at secom.co.jp
Tue Mar 21 02:02:07 UTC 2017
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello, people.
New text reads:
CAA checking is optional for certificates for which a
Certificate Transparency pre-certificate was created and
logged in at least two public logs, and for which CAA was
checked.
This ends with ``for which CAA was checked.'' Does it mean
that CA MUST look up DNS CAA resource records, regardless of CT
logging?
- --
iida
>On 15/03/17 18:17, Rick Andrews wrote:
>> There's another "bug" that I hope you'll consider clarifying regarding iodef
>> records.
>
>As others have noted, this is not a bug, and the text is correct as it
>stands. However, you are not the first person to trip over this, so if
>you have suggestions for how the meaning can be retained but the text
>clarified, I would be happy to hear them.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iEYEARECAAYFAljQiQoACgkQYYPdCnCyRyoZWACfWPt7BAG94Q5bQH7V+u7w6U37
1nUAn0jtW2XJpt6ecuyoYNGXjN47d5bo
=2GNC
-----END PGP SIGNATURE-----
More information about the Public
mailing list