[cabfpub] CAA Exceptions listed in Ballot 187
Gervase Markham
gerv at mozilla.org
Thu May 25 08:58:15 MST 2017
On 25/05/17 16:43, Doug Beattie via Public wrote:
> I'm not clear on the reference to a contractual provision in the
> contract with the Applicant. The Applicant is the natural person or
> Legal Entity that applies for a Certificate. Is the Applicant in
> this case the person applying for the CA certificate or the SSL
> certificate?
It is anticipated that a TCSC will be constrained to domains owned by a
single entity. It is the contract with that entity which is in view.
> I'm not clear what this means: "the CA is the DNS Operator of the
> domain's DNS". We all run DNS servers in our data centers, and this
> does not state that this must be the Authoritative DNS server, so in
> what cases does this exception apply? I'm assuming the CA needs to
> "own" the domains in question, but how does that fall out of this
> requirement?
As Ryan says, it means authoritative DNS. Basically, if the CA controls
the authoritative DNS servers, there's not much point in requiring them
to put a message in DNS for themselves to read.
Gerv
More information about the Public
mailing list