[cabfpub] Draft CAA motion (3)

Steve Medin Steve_Medin at symantec.com
Thu Jan 19 09:11:05 MST 2017


Gerv, in the event that a domain does not have CAA, would you be willing to allow CAs to cache that result for longer than one hour? You presently offer TTL or 1 hour, whichever is greater, when CAA is present. Might a day be reasonable, since the domain owner has not yet opted in to CAA?

> -----Original Message-----
> From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Gervase
> Markham via Public
> Sent: Thursday, January 19, 2017 8:49 AM
> To: Doug Beattie <doug.beattie at globalsign.com>; CA/Browser Forum Public
> Discussion List <public at cabforum.org>
> Cc: Gervase Markham <gerv at mozilla.org>
> Subject: Re: [cabfpub] Draft CAA motion (3)
> 
> On 19/01/17 13:44, Doug Beattie wrote:
> > I don’t think wanting to know stats about cert issuance belongs in the
> > BRs, we should stick to Security and Compliance topics.
> 
> It's not that I "want to know" stats, it's that CAs have continually raised the
> objection to CAA that there will be this problem. That is why this is in there as
> a SHOULD.
> 
> I am happy to remove it if all CAs are happy to promise that they will never
> object to CAA in the future or try and have the requirement for its use
> watered down on the grounds of false positives/negatives. :-) But I suspect
> people will not want to commit to that.
> 
> Gerv
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://clicktime.symantec.com/a/1/HaHzJ2qGpZvz_l3eejHu8CW36DVnQvd
> M3DVZ5mNS3uQ=?d=yQb-F1Z_aBefqtQRhtJQn7Tp9LVh-
> CAxnU5B8seTJONXsAXIBGXA2zEI-
> T2b5aw1ogT5kUjgyyWSDHry8ptzf4YvFWZL0mFeeb9hCjU_oXcL0XtN6gj2At8S
> 8cmjdY9jcXgP-
> 6MdJpcwdWWki_FSI4dadFgGVIHe4Ih7rro6HA4snkgmZCe8zCI8CS1L7zPJqWw
> -OxKNhUmKv5Ev6ZJCZyonqV0F1YhjUWCQ81JY8UUC-
> Wis1K0Qi4HhbhCl1ZFMLOaW2Z2gd4oQjpgilk73MrgMlHzc6QBH7W882NmAM
> TPhQwczS9Lf-xmMvO43JYNLDxy-
> 3Aqx4wn709AdXIsvvvOCfyGJPSj7OFNQIrhwR5owii0eYh50gW-
> JN7wJHwRkPA%3D%3D&u=https%3A%2F%2Fcabforum.org%2Fmailman%2Fli
> stinfo%2Fpublic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5744 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20170119/25075253/attachment-0001.bin>


More information about the Public mailing list