[cabfpub] CAA working group description

Doug Beattie doug.beattie at globalsign.com
Thu Oct 5 19:40:25 UTC 2017

Yes, I agree that it seems IETF has left portions of the spec under defined, for example how to look up and validate CAA records given all of the types of errors that could be encountered.  Do we expect the IETF WG to focus more heavily on those, or should this be done in CABForum?  I think a CABForum WG to discuss and recommend changes to IETF might be the most expedient and effective approach near term.  If we find out that IETF is addressing this and we have conflicting work products, then we can disband the WG and participate in IETF.

From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Phillip via Public
Sent: Thursday, October 5, 2017 2:09 PM
To: 'Ryan Sleevi' <sleevi at google.com>; 'CA/Browser Forum Public Discussion List' <public at cabforum.org>; 'Jacob Hoffman-Andrews' <jsha at letsencrypt.org>
Subject: Re: [cabfpub] CAA working group description

I can well imagine a possibility where the IETF WG might leave some parts of the specification specified in less detail than would be desirable for compliance purposes and thus make work in CABForum desirable. But lets cross that bridge if we come to it.

What somewhat worries me is a situation in which I have ten CABForum members tell me that they really want X in a CABForum group and then I report that into the IETF WG and three people say they have other ideas and there being 3 of them and one of me, they represent the consensus. IETF process does allow for liasons and there might be an argument for a CABForum/IETF liason. But that does not seem like the right approach here.

From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Ryan Sleevi via Public
Sent: Thursday, October 5, 2017 1:52 PM
To: Jacob Hoffman-Andrews <jsha at letsencrypt.org>; CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] CAA working group description

I agree with both Phillip and Jacob here. I think LAMPS is a great venue for working out the technical issues of discussion - and identifying where policy flexibility is needed or the challenges - and then bringing that as maybe one or two more ballots into the Forum. I think the technical clarifications and edge cases that we've seen discussed are totally within the realm of IETF's goals of interoperability, so we should try to use that as much as possible :)

The extent of Forum ballots seems like it may be adopting one or two more technical erratum (if interoperability issues arise and raised in IETF), and then potentially exploring adopting the newer version being proposed in LAMPS once completed.

On Thu, Oct 5, 2017 at 10:40 AM, Jacob Hoffman-Andrews via Public <public at cabforum.org<mailto:public at cabforum.org>> wrote:
With respect, I would suggest that there is already a CAA working group: the IETF LAMPS WG at https://datatracker.ietf.org/wg/lamps/charter/. It has the advantage of being open for anyone to join and post, so CAs can more easily have conversations with Subscribers and Relying Parties. If half of the CAA conversation happens in LAMPS and half happens here, it will be harder for Subscribers and Relying Parties to fully participate.

I'd definitely encourage anyone in the CA/Browser Forum who is interested in CAA issues to join the LAMPS mailing list at https://www.ietf.org/mailman/listinfo/spasm (confusingly, the mailing list is named SPASM, a holdover from an earlier name).

I think it's likely there will be another ballot or two in the CA/Browser Forum clarifying some of the language we use to incorporate CAA, but I think the amount of work is not enough to justify splitting out a second working group.

Public mailing list
Public at cabforum.org<mailto:Public at cabforum.org>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20171005/e479d6f0/attachment-0003.html>

More information about the Public mailing list