[cabfpub] "[UNVERIFIED SENDER]Re: no CAA authorizations -- RFC 6844
pzb at amzn.com
Thu Jun 22 12:37:01 MST 2017
> On Jun 22, 2017, at 12:31 PM, Phillip <philliph at comodo.com> wrote:
> It is not clear which of us you are responding to.
> Let us consider the case proposed:
> Domain example.com <http://example.com/> has an issue entry for CA alice.com <http://alice.com/> but no issuewild
> Certificate requested for *.example.com <http://example.com/> from bob.com <http://bob.com/>
> So section 5.3 does not apply. There is no issuewild to take priority.
> The request has a wildcard so the requirement to ignore issuewild records for a non wildcard does not apply.
> No issuewild properties are specified. So the second part does not apply.
However a certificate requested for *.example.com <http://example.com/> from alice.com <http://alice.com/> would be allowed to issue with the records you show in your example.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public