[cabfpub] Ballot 187 - Make CAA Checking Mandatory
Rob Stradling
rob.stradling at comodo.com
Thu Feb 23 11:22:30 UTC 2017
On 22/02/17 22:40, Ryan Sleevi via Public wrote:
> On Wed, Feb 22, 2017 at 2:32 PM, Doug Beattie via Public wrote:
>
> Several people have looked at RFC 6844 and have come away with
> different interpretations of what the processing means, so I HIGHLY
> recommend we include the CAA processing that MUST be performed so
> there is no ambiguity and so it’s clear for auditors. This includes
> statements like:
>
>
> Hi Doug,
>
> This is and remains problematic, and it doesn't seem the previous
> feedback was addressed. This is a bit like the recent remarks Virginia
> shared with offering interpretation of legal matters - while it's meant
> well, it introduces new problems.
>
> Perhaps you would consider filing IETF errata on what you think is
> unclear? I'm sensitive and appreciate the concern that technical
> documents may be hard to understand, I think RFC5280 and the
> (non-)compliance by CAs is ample evidence that no matter how unambiguous
> things are, people will misinterpret and misunderstand.
Doug, Ryan,
I fully agree that https://tools.ietf.org/html/rfc6844#section-4 is
confusing and needs to be revised.
My understanding of the CAA algorithm has at times been flawed, even
after seeking clarification from Phill. If a document confuses even its
authors, then you know there's a problem!
Last week Phill told me he would write an erratum for RFC6844 section 4
this week.
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
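The confusion in this thread is about the lookup algorithm in RFC 6844 section 4 (the "relevant CAA record set" R(X)). As an added illustration that is not part of the mailing-list thread and not any CA's production code, the following Python implements that section exactly as it is written: CAA at X, otherwise the alias target of X (and, through the recursion, the target's parents), otherwise the parent of X, stopping at a top-level domain. It runs against a constructed in-memory zone rather than live DNS; `ZONE`, `relevant_caa_set` and `issuer_authorized` are names chosen here, not from any library. The alias case shows where the literal text surprises people: for `www.example.com`, which is a CNAME to a name under `example.net`, the CAA at `example.net` wins over the one at `example.com`.

```python
"""RFC 6844 section 4 lookup as literally written, over constructed zone data."""
from typing import Dict, List, Optional, Tuple

CAARecord = Tuple[int, str, str]      # (flags, tag, value)
Zone = Dict[str, Dict[str, object]]   # name -> {"CAA": [...], "CNAME": target}

CRITICAL = 128                        # issuer-critical flag bit (RFC 6844 s.5.1)
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

# Constructed example zone (hypothetical names, no real DNS is queried).
ZONE: Zone = {
    "example.com":        {"CAA": [(0, "issue", "ca-a.example")]},
    "www.example.com":    {"CNAME": "alias.example.net"},
    "alias.example.net":  {},
    "example.net":        {"CAA": [(0, "issue", "ca-b.example")]},
    "sub.example.com":    {"CAA": [(0, "issue", "ca-a.example"),
                                   (0, "issuewild", ";")]},
    "strict.example.com": {"CAA": [(CRITICAL, "futuretag", "x"),
                                   (0, "issue", "ca-a.example")]},
    "loop.example.com":   {"CNAME": "loop.example.com"},
}


def caa(name: str, zone: Zone) -> List[CAARecord]:
    """CAA(X): the CAA RRset published at X (empty list if none)."""
    return list(zone.get(name, {}).get("CAA", []))   # type: ignore[arg-type]


def alias(name: str, zone: Zone) -> Optional[str]:
    """A(X): the CNAME/DNAME target at X, or None."""
    return zone.get(name, {}).get("CNAME")            # type: ignore[return-value]


def parent(name: str) -> Optional[str]:
    """P(X): the name one label up, or None when X is a top-level domain."""
    labels = name.split(".")
    return ".".join(labels[1:]) if len(labels) > 1 else None


def relevant_caa_set(name: str, zone: Zone, _depth: int = 0) -> List[CAARecord]:
    """R(X) per RFC 6844 s.4: CAA(X), else R(A(X)) if non-empty, else R(P(X)), else empty."""
    if _depth > 32:                    # guard against alias loops in the zone data
        raise RuntimeError("alias chain too long or looping")
    records = caa(name, zone)
    if records:
        return records
    target = alias(name, zone)
    if target is not None:
        via_alias = relevant_caa_set(target, zone, _depth + 1)
        if via_alias:
            return via_alias
    up = parent(name)
    if up is not None:
        return relevant_caa_set(up, zone, _depth + 1)
    return []


def issuer_authorized(name: str, issuer: str, zone: Zone, wildcard: bool = False) -> bool:
    """Would a CA identified by `issuer` be permitted to issue for `name`?"""
    records = relevant_caa_set(name, zone)
    if not records:
        return True                    # no relevant CAA set: issuance is not restricted
    # An issuer-critical record with a tag the CA does not understand means do not issue.
    for flags, tag, _ in records:
        if flags & CRITICAL and tag not in KNOWN_TAGS:
            return False
    tag = "issue"
    if wildcard and any(t == "issuewild" for _, t, _ in records):
        tag = "issuewild"              # issuewild takes precedence for wildcard names
    values = [v for _, t, v in records if t == tag]
    if not values:
        return True                    # assumption made here: no issue/issuewild property -> unrestricted
    for value in values:
        domain = value.split(";", 1)[0].strip().lower()   # drop "; key=value" parameters
        if domain == "":
            continue                   # "issue ;" authorizes no issuer at all
        if domain == issuer.lower():
            return True
    return False


if __name__ == "__main__":
    for n in ("example.com", "www.example.com", "sub.example.com", "strict.example.com"):
        print(n, relevant_caa_set(n, ZONE), issuer_authorized(n, "ca-a.example", ZONE))
```

The `loop.example.com` entry exists only to exercise the depth guard; a real resolver would refuse such a chain on its own. The wildcard branch follows RFC 6844 section 4.3: `issuewild` records govern wildcard requests when present, and `issue` records apply otherwise.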