[cabfpub] Draft CAA motion (4)
Bruce.Morton at entrustdatacard.com
Wed Jan 25 10:04:49 MST 2017
Current contractual obligations may be a prepaid service to perform certificate management services and license a Subscriber to issue X number of certificates (say 5, 10, 100, 500, 1000, ...) over a specific period of time (say 1, 2, 3 years ...). Creation or a change to the CAA record with a hard-fail could stop the CA from fulfilling their obligation.
Anti-competitive behavior is an error case which I think should be planned for in the policy design. I am not sure how we can provide evidence to strongly prove a future error case. I don't believe that we are allowed to discuss possible incentives or benefits which a Subscriber could be provided by restricting the CAA record to a specific CA.
I am not looking for CA processes to decide whether to check a CAA record. I am looking to use the current methods which we have defined in the BRs and EV guidelines to permit a CA to issue a certificate. I am also looking for escalation processes using defined terms and requirements from the BRs and EV guidelines to allow an Applicant or Subscriber to request and authenticate the issuance of a certificate.
From: Gervase Markham [mailto:gerv at mozilla.org]
Sent: Wednesday, January 25, 2017 9:57 AM
To: CA/Browser Forum Public Discussion List <public at cabforum.org>; Doug Beattie <doug.beattie at globalsign.com>
Cc: Bruce Morton <Bruce.Morton at entrustdatacard.com>
Subject: Re: [cabfpub] Draft CAA motion (4)
On 25/01/17 14:36, Bruce Morton via Public wrote:
> The issue with a CAA hard-fail for all circumstances is that it could
> impact current obligations for certificate issuance and management
You mean current contractual obligations? It would help if you gave a sample contract clause you think is incompatible with CAA checking.
> it is anti-competitive.
This assertion continues to be made with no evidence; this is why the motion strongly suggests that CAs gather such evidence. In the meantime, the suggestion is FUD.
> What I don’t understand is why there are objections to a proposed
> solution without trying to provide an alternative.
I don't know how many more ways I can explain why leaving it up to the CA's processes as to whether to check CAA is not acceptable. I hope other members of the list will bear witness that I've had at least two or three goes.