[cabfpub] no CAA authorizations -- RFC 6844
Gervase Markham
gerv at mozilla.org
Thu Jun 22 12:34:19 UTC 2017
On 22/06/17 06:42, y-iida--- via Public wrote:
> <C> Likewise, when there are some relevant CAA records, but no
> CAA with "issuewild" property tag at all for a certificate
> domain, we will issue wildcard certificate for that domain.
You should read RFC6844 carefully, but to my understanding, this is
incorrect. If there is an "issue" property but no "issuewild" property,
then the "issue" property also controls the issuance of wildcard certs.
So you need to respect it in that case.
Gerv
More information about the Public
mailing list