[cabfpub] Draft CAA motion

Gervase Markham gerv at mozilla.org
Tue Nov 8 10:06:28 UTC 2016

On 07/11/16 16:01, Gervase Markham wrote:
> Hi everyone,
> Here's a draft motion to make CAA mandatory. We may not be able to start
> the process properly for a while, but I'd like to get the motion text
> ironed out.

Jürgen Brauckmann <brauckmann at dfn-cert.de> writes to questions at cabforum.org:

This is a quite tight requirement with, depending on the system
architecture of the CA, "interesting" properties. Our own system will
fail to issue some certificates with this time limit under certain
circumstances (cluster fail over with concurrent high load).

Given that many sites use a standard TTL of 1 day, whats the advantage
of specifying 10 minutes to any other arbitrary time span "close enough"
to issuance?

Dipl. Inform. Jürgen Brauckmann (PKI Team)

More information about the Public mailing list