[cabfpub] Ballot 187 - Make CAA Checking Mandatory
Ryan Sleevi
sleevi at google.com
Wed Feb 22 22:40:17 UTC 2017
On Wed, Feb 22, 2017 at 2:32 PM, Doug Beattie via Public <
public at cabforum.org> wrote:
>
> Several people have looked at RFC 6844 and have come away with different
> interpretations of what the processing means, so I HIGHLY recommend we
> include the CAA processing that MUST be performed so there is no ambiguity
> and so it’s clear for auditors. This includes statements like:
>
Hi Doug,
This is and remains problematic, and it doesn't seem the previous feedback
was addressed. This is a bit like the recent remarks Virginia shared with
offering interpretation of legal matters - while it's meant well, it
introduces new problems.
Perhaps you would consider filing IETF errata on what you think is unclear?
I'm sensitive and appreciate the concern that technical documents may be
hard to understand, I think RFC5280 and the (non-)compliance by CAs is
ample evidence that no matter how unambiguous things are, people will
misinterpret and misunderstand.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170222/adef7af1/attachment-0002.html>
More information about the Public
mailing list