[cabfpub] Ballot 187 - Make CAA Checking Mandatory

Ryan Sleevi sleevi at google.com
Tue Feb 28 18:11:41 UTC 2017


On Tue, Feb 28, 2017 at 5:44 AM, philliph--- via Public <public at cabforum.org
> wrote:

> 'Machine readable CPS' was suggested in the 90s, its an AI complete
> problem.


This is not accurate for the problem described. Further, machine readable
PDFs (since it does seem the industry has normalized on PDFs) is quite an
easy problem; I know of many projects which are automatically generating
code from specification PDFs - whether they be the TPM module specification
or the x86 instruction set - so these are demonstrations of the same
problems being solved with a few hours of engineering, rather than being AI
complete.


> I think what was meant is mapping from the domain name to the set of roots
> permitted to issue. That is not an issue for IETF, could be for CABForum or
> for root programs.


No, what is meant is the opposite - a mapping between the logical
organization and the domain name(s) it recognizes it.

The customer relationship is with the organization, not the root or key.
The desire is to find a way for a customer to express "I am using this
organization to issue/manage my certificates", and from there, discern the
appropriate domain name value.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170228/3c4dace8/attachment-0003.html>


More information about the Public mailing list