[cabfpub] Draft CAA motion

Jeremy Rowley jeremy.rowley at digicert.com
Wed Nov 9 10:48:21 MST 2016


An optional opt out is fair. It keeps the choice with the customer, which I 
like.

-----Original Message-----
From: Gervase Markham [mailto:gerv at mozilla.org]
Sent: Wednesday, November 9, 2016 10:35 AM
To: Jeremy Rowley <jeremy.rowley at digicert.com>; CA/Browser Forum Public 
Discussion List <public at cabforum.org>; Doug Beattie 
<doug.beattie at globalsign.com>
Subject: Re: [cabfpub] Draft CAA motion

On 09/11/16 16:02, Jeremy Rowley wrote:
> One way around the difficulty of CAA record checking for large
> companies and mass issuance is to exempt the CA from record checking
> where issuance is through a technically constrained intermediate.  In
> this case, the CA has already verified the company has requested an
> issuing CA (which means high volume issuance) and you know the company
> is only issuing to their domains.

Yep, good point. I think we did discuss that last time, and it didn't make it 
into the motion. I will add it. Although I might make it an optional opt-out 
which has to be in the contract so the customer is aware, rather than an 
automatic opt-out.

Gerv