[cabfpub] CAA Algorithms for CAs in Microsoft's Trusted Root Program

Mike Reilly (WDG) Mike.Reilly at microsoft.com
Tue Sep 26 19:53:29 UTC 2017


CA Community, I wanted to provide you with Microsoft's position on CAA algorithms to add to what has already been posted by Google Chrome and Mozilla.

Given that CAA is now mandatory and ballot 214 is currently in voting period, Microsoft will give immediate dispensation for CAs to issue certificates following the algorithm specified in either RFC 6844 or RFC 6844 as amended by Erratum 5065 when performing the mandatory pre-issuance CAA checks.  If Baseline Requirements are updated to require Erratum 5065 algorithm then CAs will be expected to transition to this updated algorithm within a reasonable amount of time which may be specified by a follow on ballot to 214 in the CAB Forum.

Thanks, Mike

Mike Reilly | Principal PM Lead

Windows & Devices Group | Information Security
Risk Management and Crypto Ecosystem
One Microsoft Way | Redmond, WA 98052

[MSFT_logo_Gray DE sized SIG1.png]




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170926/e2ca29ad/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.jpg
Type: image/jpeg
Size: 2396 bytes
Desc: image003.jpg
URL: <http://cabforum.org/pipermail/public/attachments/20170926/e2ca29ad/attachment.jpg>


More information about the Public mailing list