[cabfpub] Ballot 187 - Make CAA Checking Mandatory

Gervase Markham gerv at mozilla.org
Tue Feb 28 02:48:32 MST 2017


On 27/02/17 19:21, Doug Beattie wrote:
> The relationship between the 2 documents is not always clear to me.
> If the BRs apply then why do we have statements like this in EGVL,
> seems redundant with your assumption? 9.5  Subscriber Public Key -
> The requirements in Section 6.1.1.3 of the Baseline requirements
> apply equally to EV Certificates.

Perhaps because sometimes if you include text which seems to be
conflicting, some clarification is necessary? But I don't think that's
true in this case. Alternatively, we aren't always consistent in
applying our principles to our drafting :-)

> I can't find any reference in the EVGL that says you cannot issue
> certificates with IP addresses in them.  Is this because we
> specifically excluded BR section 3.2.2.5 somehow?  If so, is the new
> proposed section 3.2.2.8 also excluded from EV via the same
> mechanism, assumption or reference?

Well, the EV Guidelines don't say how to validate an IP address, and all
info in the cert must be validated. But I agree it could be clearer.
File a bug? :-)

Gerv


More information about the Public mailing list