[cabfpub] Draft CAA motion (4)

Bruce Morton Bruce.Morton at entrustdatacard.com
Wed Jan 25 17:04:49 UTC 2017

Current contractual obligations may be a prepaid service to perform certificate management services and license a Subscriber to issue X number of certificates (say 5, 10, 100, 500, 1000, ...) over a specific period of time (say 1, 2, 3 years ...). Creation or a change to the CAA record with a hard-fail could stop the CA from fulfilling their obligation.

Anti-competitive behavior is an error case which I think should be planned for in the policy design. I am not sure how we can provide evidence to strongly prove a future error case. I don't believe that we are allowed to discuss possible incentives or benefits which a Subscriber could be provided by restricting the CAA record to a specific CA. 

I am not looking for CA processes to decide whether to check a CAA record. I am looking to use the current methods which we have defined in the BRs and EV guidelines to permit a CA to issue a certificate. I am also looking for escalation processes using defined terms and requirements from the BRs and EV guidelines to allow an Applicant or Subscriber to request and authenticate the issuance of a certificate.

Thanks, Bruce.

-----Original Message-----
From: Gervase Markham [mailto:gerv at mozilla.org] 
Sent: Wednesday, January 25, 2017 9:57 AM
To: CA/Browser Forum Public Discussion List <public at cabforum.org>; Doug Beattie <doug.beattie at globalsign.com>
Cc: Bruce Morton <Bruce.Morton at entrustdatacard.com>
Subject: Re: [cabfpub] Draft CAA motion (4)

On 25/01/17 14:36, Bruce Morton via Public wrote:
> The issue with a CAA hard-fail for all circumstances is that it could 
> impact current obligations for certificate issuance and management

You mean current contractual obligations? It would help if you gave a sample contract clause you think is incompatible with CAA checking.

> and
> it is anti-competitive. 

This assertion continues to be made with no evidence; this is why the motion strongly suggests that CAs gather such evidence. In the mean time, the suggestion is FUD.

> What I don’t understand is why there are objections to a proposed 
> solution without trying to provide an alternative.

I don't know how many more ways I can explain why leaving it up to the CA's processes as to whether to check CAA is not acceptable. I hope other members of the list will bear witness that I've had at least two or three goes.


More information about the Public mailing list