<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Nov 9, 2016, at 10:58 AM, Ryan Sleevi via Public <<a href="mailto:public@cabforum.org" class="">public@cabforum.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html; charset=utf-8" class=""><div dir="ltr" class=""> <br class=""><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-US" link="blue" vlink="purple" class=""><div class="m_-6768152368494706811WordSection1"><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d" class="">This could also be extended to stopping an random person from creating an account where the data is pre-verified if the verification fails the CAA check. I also hope the goal is to allow a company to contract a CA to issue tens, hundreds or thousands
of certificates per year without suddenly being blocked by a change to a CAA record.</span></p></div></div></blockquote><div class=""><br class=""></div><div class="">I think the preponderance of evidence on this thread have shown that this claim - "blocked by a change to a CAA record" - is not supported. If you have any data or experience to show it is, I think that'd be very useful - and indeed, I appreciate Gerv's clause that tries to move us beyond the circular discussions claiming (without evidence or experience) that it will be a problem.</div></div></div></div></div></blockquote><br class=""></div><div>Ryan,</div><div><br class=""></div><div>If we adopt CAA hard-fail only, and it does become a problem, what is the path to correct, given the current WebTrust cycle? At it stands, I expect it to take years to correct if it makes it into a WebTrust criteria set.</div><div><br class=""></div><div>Even if we ignore WebTrust, what is the path to revert the change if evidence is shown it is causing harm?</div><div><br class=""></div><div>Thanks,</div><div>Peter</div></body></html>