[cabfpub] Results on Ballot 187 - Make CAA Checking Mandatory

y-iida at secom.co.jp y-iida at secom.co.jp
Tue Mar 21 02:02:07 UTC 2017


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello, people.

New text reads:
   CAA checking is optional for certificates for which a
   Certificate Transparency pre-certificate was created and
   logged in at least two public logs, and for which CAA was
   checked.

This ends with ``for which CAA was checked.''  Does it mean
that CA MUST look up DNS CAA resource records, regardless of CT
logging?
- --
  iida

>On 15/03/17 18:17, Rick Andrews wrote:
>> There's another "bug" that I hope you'll consider clarifying regarding iodef
>> records.
>
>As others have noted, this is not a bug, and the text is correct as it
>stands. However, you are not the first person to trip over this, so if
>you have suggestions for how the meaning can be retained but the text
>clarified, I would be happy to hear them.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAljQiQoACgkQYYPdCnCyRyoZWACfWPt7BAG94Q5bQH7V+u7w6U37
1nUAn0jtW2XJpt6ecuyoYNGXjN47d5bo
=2GNC
-----END PGP SIGNATURE-----



More information about the Public mailing list