[cabfpub] no CAA authorizations -- RFC 6844

y-iida at secom.co.jp y-iida at secom.co.jp
Thu Jun 22 04:42:08 UTC 2017


Hello, public.

I'm still wondering when there are no CAA authorizations.

<A> When there are no relevant CAA records at all for a certain
domain, we will issue certificate for that domain.

<B> When there are some relevant CAA records, but no CAA with
"issue" property tag at all for a certificate domain, we will
issue non-wildcard certificates for that domain.

<C> Likewise, when there are some relevant CAA records, but no
CAA with "issuewild" property tag at all for a certificate
domain, we will issue wildcard certificate for that domain.

There are because chapter 4 says:
  if such a record set exists

Do those make problems?
--
  iida


More information about the Public mailing list