[cabfpub] Checking CAA oneself
Gervase Markham
gerv at mozilla.org
Fri Sep 23 08:46:31 UTC 2016
On 22/09/16 22:02, Ryan Sleevi wrote:
> Customers don't receive value in CAA until (all) CAs are obligated to
> check & respect it. However, if we get there, it becomes a vital and
> valuable security feature.

Coming to a conclusion on that discussion (whatever we decide to do)
should indeed be the first step. We were discussing whether to mandate
"soft" CAA (i.e. elevated risk when issuing against), "hard" CAA (i.e.
not permitted to issue against), or "mixed" CAA ("soft" is the default,
but site can choose "hard" via some marker in their CAA record).

Gerv