[cabfpub] Google Chrome's stance on CAA algorithms

Devon O'Brien asymmetric at google.com
Tue Sep 26 03:11:32 UTC 2017


Hello CA/B Forum,

In advance of the conclusion of Ballot 214’s voting period, we’re writing
to share with the CA community Google Chrome’s stance regarding permissible
CAA algorithm usage.

We consider the CAA checking algorithm specified in Erratum 5065 to be
superior to the one specified in RFC 6844 and therefore are granting
immediate dispensation for all CAs to issue certificates following the
algorithm specified in either RFC 6844 or RFC 6844 as amended by Erratum
5065 when performing the mandatory pre-issuance CAA checks.

It appears likely that there will be a follow-on Ballot to 214, specifying
a transition timeline for CAs to move to Erratum 5065’s algorithm. If and
when such a ballot passes, CAs will be required to transition to the
updated algorithm in accordance with the updated Baseline Requirements

Thanks,
Devon O’Brien
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170925/1685793d/attachment.html>


More information about the Public mailing list