[cabfpub] "[UNVERIFIED SENDER]Re: no CAA authorizations -- RFC 6844

Peter Bowen pzb at amzn.com
Thu Jun 22 19:37:01 UTC 2017

> On Jun 22, 2017, at 12:31 PM, Phillip <philliph at comodo.com> wrote:
> It is not clear which of us you are responding to.
> Let us consider the case proposed:
> Domain example.com <http://example.com/> has an issue entry for CA alice.com <http://alice.com/> but no issuewild
> Certificate requested for *.example.com <http://example.com/> from bob.com <http://bob.com/>
> So section 5.3 does not apply. There is no issuewild to take priority. 
> The request has a wildcard so the requirement to ignore issuewild records for a non wildcard does not apply.
> No issuewild properties are specified. So the second part does not apply.


However a certificate requested for *.example.com <http://example.com/> from alice.com <http://alice.com/> would be allowed to issue with the records you show in your example.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170622/fe6cedae/attachment-0003.html>

More information about the Public mailing list