[cabfpub] Ballot 125 - CAA

Ben Wilson ben.wilson at digicert.com
Thu Sep 18 03:50:18 UTC 2014


Here is some draft language to add to the end of Section 8.2.2 of the Baseline Requirements.

Effective as of [insert date that is six months from Ballot 125 adoption], section 4.2 of a CA's Certificate Policy and/or Certification Practice Statement (section 4.1 for CAs still conforming to RFC 2527) SHALL state whether the CA reviews CAA Records, and if so, (1) the CA's policy or practice on processing CAA Records for Fully Qualified Domain Names, and (2) that the CA logs actions consistent with its processing practice.

My interpretation of this language is that CAs will be required to disclose their CAA-review practices and if they do review CAA records, that they also state in their CP or CPS:  (1) what those practices are, and (2) that they document their actions.  Is this clear to everyone else with the proposed language?  Does anyone feel that it would be difficult to monitor or audit compliance with this requirement?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140918/b6241d33/attachment-0002.html>

More information about the Public mailing list