[cabfpub] Draft CAA motion
pzb at amzn.com
Wed Nov 9 19:06:39 UTC 2016
> On Nov 9, 2016, at 10:58 AM, Ryan Sleevi via Public <public at cabforum.org> wrote:
> This could also be extended to stopping a random person from creating an account where the data is pre-verified if the verification fails the CAA check. I also hope the goal is to allow a company to contract a CA to issue tens, hundreds or thousands of certificates per year without suddenly being blocked by a change to a CAA record.
> I think the preponderance of evidence on this thread has shown that this claim - "blocked by a change to a CAA record" - is not supported. If you have any data or experience to show it is, I think that'd be very useful - and indeed, I appreciate Gerv's clause that tries to move us beyond the circular discussions claiming (without evidence or experience) that it will be a problem.
If we adopt CAA hard-fail only, and it does become a problem, what is the path to correct, given the current WebTrust cycle? As it stands, I expect it to take years to correct if it makes it into a WebTrust criteria set.
Even if we ignore WebTrust, what is the path to revert the change if evidence is shown it is causing harm?