[cabfpub] Draft CAA motion (3)
Steve_Medin at symantec.com
Thu Jan 19 09:11:05 MST 2017
Gerv, in the event that a domain does not have CAA, would you be willing to allow CAs to cache that result for longer than one hour? You presently offer TTL or 1 hour, whichever is greater, when CAA is present. Might a day be reasonable, since the domain owner has not yet opted in to CAA?
> -----Original Message-----
> From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Gervase
> Markham via Public
> Sent: Thursday, January 19, 2017 8:49 AM
> To: Doug Beattie <doug.beattie at globalsign.com>; CA/Browser Forum Public
> Discussion List <public at cabforum.org>
> Cc: Gervase Markham <gerv at mozilla.org>
> Subject: Re: [cabfpub] Draft CAA motion (3)
> On 19/01/17 13:44, Doug Beattie wrote:
> > I don’t think wanting to know stats about cert issuance belongs in the
> > BRs, we should stick to Security and Compliance topics.
> It's not that I "want to know" stats, it's that CAs have continually raised the
> objection to CAA that there will be this problem. That is why this is in there as
> a SHOULD.
> I am happy to remove it if all CAs are happy to promise that they will never
> object to CAA in the future or try and have the requirement for its use
> watered down on the grounds of false positives/negatives. :-) But I suspect
> people will not want to commit to that.