[cabfpub] CAA: clarity on naming CA
Gervase Markham
gerv at mozilla.org
Mon Sep 11 07:09:19 MST 2017
On 07/09/17 15:53, Stephen Davidson via Public wrote:
> All doable under RFC 6844 – but not so clear what the requirements are
> under the BR and browser expectations (particularly concerning CPS
> language). Feedback appreciated.
We don't have specific expectations in this area; as you say, either can
be justified under the RFC. It's easier for a number of reasons (such as
writing software to do interesting things with CAA) if each root has a
single set of CAA identifiers which are usable for all certs issued
under that root (which would imply always using the root owner's
domain(s))... but as there's no requirement anywhere that this be the
case, I'll just make it a polite request and leave it at that :-)
Gerv
More information about the Public
mailing list