[cabfpub] Continuing the discussion on CAA
Gervase Markham
gerv at mozilla.org
Tue Sep 13 15:26:08 UTC 2016
On 13/09/16 14:51, Bruce Morton wrote:
> The expectation for an enterprise account is that the information is all
> pre-validated. This allows the subscriber to issue OV and EV
> certificates 24/7/365. Performing a CAA check at time of issuance would
> mean that the data is not all pre-validated. A failed CAA check could
> stop a certificate from being issued.
Could we permit this to be contracted around? In other words, allow a CA
to contract with an enterprise that the enterprise will notify them by a
means other than CAA if they wish to stop using their services, and in
return the CA is allowed not to check CAA at time of issuance.
Gerv
More information about the Public
mailing list