[cabfpub] Draft CAA motion (3)

Gervase Markham gerv at mozilla.org
Thu Jan 19 06:33:24 MST 2017


On 19/01/17 13:25, Doug Beattie via Public wrote:
> What did you intend by “adverse CAA records”? If a CA runs across a
> CAA record that identifies other CAs that are authorized to issue but
> not them, I don’t see a reason to report on that to CABF as you
> suggested in the proposed ballot.

Why not? This is a scenario that lots of CAs seem to be exercised about,
so it would be useful to know how often it happens, and what the
underlying cause is (primarily, if the record turns out to be correct
and the application is wrong or malicious, or whether the record turns
out to be wrong/outdated and the application correct).

So I am very keen to see CAs keeping records of this, because some seem
to think that this will be a highly common and deeply inconvenient
occurrence, and so I want data to prove or disprove that assertion.

> If we create a new section in the BRs for CAA (maybe section 3.2.2.8),
> do we need to update the EVGL with a reference to this so EV
> certificates need to comply, or is everything in the BRs also assumed
> for EVGL?  

The latter. Baseline Requirements apply to all certificate issuance.

Gerv



