[cabfpub] CAA: Interpretation of 3.2.2.8 + 3.2.2.5

Jacob Hoffman-Andrews jsha at letsencrypt.org
Mon Aug 28 15:02:42 MST 2017


On Mon, Aug 28, 2017 at 2:56 PM, Ryan Sleevi via Public <public at cabforum.org> wrote:

> As such, if you desire an IP-address bearing certificate, there is no
> means you can use to limit the CAs who can issue or (by virtue of the
> CA-specific extensions) any policies that the issuing CAs use to verify or
> authenticate the request.
>
> Does this conclusion feel correct for others?
>

This is also my understanding of the relevant documents. There was some
recent discussion on the IETF ACME mailing list around issuance for IP
addresses that brought up this point: there is no CAA equivalent for IP
addresses, but it might be useful to develop one.