[cabfpub] "[UNVERIFIED SENDER]Re: no CAA authorizations -- RFC 6844
Peter Bowen
pzb at amzn.com
Thu Jun 22 12:37:01 MST 2017
> On Jun 22, 2017, at 12:31 PM, Phillip <philliph at comodo.com> wrote:
>
> It is not clear which of us you are responding to.
>
> Let us consider the case proposed:
>
> Domain example.com <http://example.com/> has an issue entry for CA alice.com <http://alice.com/> but no issuewild
> Certificate requested for *.example.com <http://example.com/> from bob.com <http://bob.com/>
>
> So section 5.3 does not apply. There is no issuewild to take priority.
>
> The request has a wildcard so the requirement to ignore issuewild records for a non wildcard does not apply.
>
> No issuewild properties are specified. So the second part does not apply.
Agreed.
However a certificate requested for *.example.com <http://example.com/> from alice.com <http://alice.com/> would be allowed to issue with the records you show in your example.
Thanks,
Peter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170622/fe6cedae/attachment.html>
More information about the Public
mailing list