[cabf_validation] Using 188.8.131.52.2/.3 for future domains
sleevi at google.com
Fri Mar 23 02:30:55 MST 2018
Note: I was discussing having the CA disclose the validation method used in
the certificate. Without this, the CAA tags proposal is simply one half of
policy, without a way for affected Subscribers or domain holders to detect
misissuance or malfeasance.
On Fri, Mar 23, 2018 at 5:04 AM, Tim Hollebeek <tim.hollebeek at digicert.com>
> That’s correct, we remain strongly in favor of allowing domain holders to
> restrict validation methods. It’s one of the more important parts of my
> CAA tags proposal, which unfortunately has gotten at best lukewarm support
> from other large CAs.
> I'm similarly interested in declaring the validation method(s) used,
> particularly for domain names, which provides a way for the domain holder
> to validate that the CAA policy is respected. I assume DigiCert's support
> for this has not waned since the last time it was discussed (in the context
> of 190)?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Validation