[cabfpub] CAA records on google.com
=JeffH
Jeff.Hodges at KingsMountain.com
Sat Jul 13 01:45:41 UTC 2013
> ... Each entry needs a separate CAA record. This would create one
> record with the wrong data field.
hm, sorry, but I don't understand what you mean by "this" in the above, nor what
you might see as "wrong" with the google.com CAA records.
AFAICT from section 5.3 of RFC6844, the google CAA statements of..
  CAA    tag               CAA
  flags  lngth  tag        value
  -----  -----  ---        -----
  00     05     issue      symantec.com
  00     09     issuewild  symantec.com
..correctly navigate the processing requirements...

  5.3.  CAA issuewild Property

     The issuewild property has the same syntax and semantics as the issue
     property except that issuewild properties only grant authorization to
     issue certificates that specify a wildcard domain and issuewild
     properties take precedence over issue properties when specified.
     Specifically:

        issuewild properties MUST be ignored when processing a request for
        a domain that is not a wildcard domain.

        If at least one issuewild property is specified in the relevant
        CAA record set, all issue properties MUST be ignored when
        processing a request for a domain that is a wildcard domain.

...am I missing something?
curiously,
=JeffH
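
Added example, not part of the original post: a minimal evaluator for the issue/issuewild precedence rules of RFC 6844 section 5.3 quoted in the message, run against a record set constructed from the two google.com properties listed there. The function names and the `.test` CA domains are hypothetical; flags are not evaluated, and treating a request with no applicable property as unrestricted is an assumption of this example.

```python
# Added example: issue / issuewild precedence per RFC 6844 section 5.3.
# Function names are hypothetical; sample records are constructed.

def issuer_domain(value):
    """Issuer domain from an issue/issuewild value; ';' parameters are dropped."""
    return value.split(";", 1)[0].strip().lower()


def authorized(records, requested_name, ca_domain):
    """Decide whether ca_domain may issue for requested_name.

    records is the relevant CAA record set as (flags, tag, value) tuples.
    Flags are carried for completeness but not evaluated here.
    """
    wildcard = requested_name.startswith("*.")
    issue = [issuer_domain(v) for _f, t, v in records if t.lower() == "issue"]
    issuewild = [issuer_domain(v) for _f, t, v in records
                 if t.lower() == "issuewild"]

    if wildcard and issuewild:
        # At least one issuewild property: all issue properties are ignored.
        relevant = issuewild
    else:
        # Non-wildcard request: issuewild properties are ignored.
        # Wildcard request with no issuewild: issue properties apply.
        relevant = issue

    if not relevant:
        # Assumption of this example: no applicable property, no restriction.
        return True
    # An empty issuer value (e.g. "issue ;") matches no CA, so nobody is allowed.
    return ca_domain.lower() in relevant


# Constructed from the two google.com properties listed in the message.
GOOGLE_CAA = [
    (0x00, "issue", "symantec.com"),
    (0x00, "issuewild", "symantec.com"),
]

if __name__ == "__main__":
    for name in ("www.google.com", "*.google.com"):
        for ca in ("symantec.com", "other-ca.test"):
            print(name, ca, authorized(GOOGLE_CAA, name, ca))
```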