[cabfpub] CAA concerns (and potential solutions)

Gervase Markham gerv at mozilla.org
Sat Oct 29 07:59:19 UTC 2016


On 28/10/16 17:49, Ryan Sleevi wrote:
> On Fri, Oct 28, 2016 at 7:49 AM, Peter Bowen via Public
> <public at cabforum.org <mailto:public at cabforum.org>> wrote:
> 
>     I think CAs should track this so we can come back in a year and
>     review how often allowing soft-fail had any impact. 
> 
> We've been spinning our wheels on this point for several years. For four
> years now, we've been suggesting CAs do just that. They haven't. The
> closest we've been able to come is for CAs to document their policies on
> CAA.

Just to be clear: presumably you are not against CAs documenting and
reporting implementation experience, you are just against weakening CAA?

I definitely think we should either require or strongly encourage CAs to
document the actual problems CAA causes for them, if any, so we can get
a better picture. Whether we exempt certain categories of issuance from
CAA while we do that is a separate question.

Gerv



More information about the Public mailing list