[cabfpub] Ballot 187 - Make CAA Checking Mandatory
gerv at mozilla.org
Tue Feb 28 09:48:32 UTC 2017
On 27/02/17 19:21, Doug Beattie wrote:
> The relationship between the 2 documents is not always clear to me.
> If the BRs apply then why do we have statements like this in EGVL,
> seems redundant with your assumption? 9.5 Subscriber Public Key -
> The requirements in Section 22.214.171.124 of the Baseline requirements
> apply equally to EV Certificates.
Perhaps because sometimes if you include text which seems to be
conflicting, some clarification is necessary? But I don't think that's
true in this case. Alternatively, we aren't always consistent in
applying our principles to our drafting :-)
> I can't find any reference in the EVGL that says you cannot issue
> certificates with IP addresses in them. Is this because we
> specifically excluded BR section 126.96.36.199 somehow? If so, is the new
> proposed section 188.8.131.52 also excluded from EV via the same
> mechanism, assumption or reference?
Well, the EV Guidelines don't say how to validate an IP address, and all
info in the cert must be validated. But I agree it could be clearer.
File a bug? :-)
More information about the Public