[cabfpub] no CAA authorizations -- RFC 6844
gerv at mozilla.org
Thu Jun 22 05:34:19 MST 2017
On 22/06/17 06:42, y-iida--- via Public wrote:
> <C> Likewise, when there are some relevant CAA records, but no
> CAA with "issuewild" property tag at all for a certificate
> domain, we will issue wildcard certificate for that domain.
You should read RFC6844 carefully, but to my understanding, this is
incorrect. If there is an "issue" property but no "issuewild" property,
then the "issue" property also controls the issuance of wildcard certs.
So you need to respect it in that case.
More information about the Public