[cabfpub] Draft CAA motion

Peter Bowen pzb at amzn.com
Wed Nov 9 19:06:39 UTC 2016

> On Nov 9, 2016, at 10:58 AM, Ryan Sleevi via Public <public at cabforum.org> wrote:
> This could also be extended to stopping an random person from creating an account where the data is pre-verified if the verification fails the CAA check. I also hope the goal is to allow a company to contract a CA to issue tens, hundreds or thousands of certificates per year without suddenly being blocked by a change to a CAA record.
> I think the preponderance of evidence on this thread have shown that this claim - "blocked by a change to a CAA record" - is not supported. If you have any data or experience to show it is, I think that'd be very useful - and indeed, I appreciate Gerv's clause that tries to move us beyond the circular discussions claiming (without evidence or experience) that it will be a problem.


If we adopt CAA hard-fail only, and it does become a problem, what is the path to correct, given the current WebTrust cycle?  At it stands, I expect it to take years to correct if it makes it into a WebTrust criteria set.

Even if we ignore WebTrust, what is the path to revert the change if evidence is shown it is causing harm?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20161109/e2e6f2cf/attachment-0003.html>

More information about the Public mailing list