[cabfpub] Draft CAA motion (2)

Steve Medin Steve_Medin at symantec.com
Thu Nov 10 18:29:11 UTC 2016


> -----Original Message-----
> From: Gervase Markham [mailto:gerv at mozilla.org]
> Sent: Thursday, November 10, 2016 12:40 PM
> To: Steve Medin <Steve_Medin at symantec.com>; CA/Browser Forum Public
> Discussion List <public at cabforum.org>
> Subject: Re: [cabfpub] Draft CAA motion (2)
>
> But here's another suggestion. Instead of mandating CAA in Mozilla policy,
> we'll just say that issuing in the face of an adverse CAA record is a 
> serious
> misissuance. Then, you'd be free to not check it as often as you liked, 
> relying
> on your systems and contracts to save you - and the first time they went
> wrong, we'd untrust your intermediate or remove your EV indicator or some
> other sanction. How would that be? :-)
>
> Gerv

Well, that depends on the validity of a contract from the customer that 
absolves the CA from the requirement to check CAA within their service.

Let customers opt out when they trust their CA and its audits and it's no 
longer CA policy or browsers trusting CAs. Let customers adopt CAA to block 
other CAs that do not hold such a contract.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5744 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20161110/1ed7a762/attachment-0001.p7s>


More information about the Public mailing list