[cabfpub] CAA concerns (and potential solutions)
Gervase Markham
gerv at mozilla.org
Sat Oct 29 07:59:19 UTC 2016
On 28/10/16 17:49, Ryan Sleevi wrote:
> On Fri, Oct 28, 2016 at 7:49 AM, Peter Bowen via Public
> <public at cabforum.org <mailto:public at cabforum.org>> wrote:
>
> I think CAs should track this so we can come back in a year and
> review how often allowing soft-fail had any impact.
>
> We've been spinning our wheels on this point for several years. For four
> years now, we've been suggesting CAs do just that. They haven't. The
> closest we've been able to come is for CAs to document their policies on
> CAA.
Just to be clear: presumably you are not against CAs documenting and
reporting implementation experience, you are just against weakening CAA?
I definitely think we should either require or strongly encourage CAs to
document the actual problems CAA causes for them, if any, so we can get
a better picture. Whether we exempt certain categories of issuance from
CAA while we do that is a separate question.
Gerv
More information about the Public
mailing list