[cabfpub] Ballot 187 - Make CAA Checking Mandatory
Gervase Markham
gerv at mozilla.org
Tue Feb 28 09:37:48 UTC 2017
On 27/02/17 21:23, Ryan Sleevi via Public wrote:
> 1. As discussed on Twitter with Gerv and Jacob, there's no easy or
> unambiguous way to automate this lookup. Relatedly, I am a fan
> of Ryan's suggestion on making the CPS be machine-readable so
> these CAA values can be extracted by code rather than humans.
I wonder whether making all CPSes machine-readable is a bit of overkill.
I've been pondering the need for a central registry of security contact
information for CAs. Perhaps that could also have a column for the
domain names that CA recognises as permitting it to issue when present
in a CAA record. It shouldn't be too hard to make this list human-readable.
We will seek this information for each CA in our program using our next
CA Communication.
Gerv
More information about the Public
mailing list