[cabfpub] CAA: clarity on naming CA

Stephen Davidson S.Davidson at quovadisglobal.com
Mon Sep 11 14:17:44 UTC 2017


Perfect; thank you.
Regards, Stephen

-----Original Message-----
From: Gervase Markham [mailto:gerv at mozilla.org] 
Sent: Monday, September 11, 2017 11:09 AM
To: Stephen Davidson <S.Davidson at quovadisglobal.com>; CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] CAA: clarity on naming CA

On 07/09/17 15:53, Stephen Davidson via Public wrote:
> All doable under RFC 6844 – but not so clear what the requirements are 
> under the BR and browser expectations (particularly concerning CPS 
> language).  Feedback appreciated.

We don't have specific expectations in this area; as you say, either can be justified under the RFC. It's easier for a number of reasons (such as writing software to do interesting things with CAA) if each root has a single set of CAA identifiers which are usable for all certs issued under that root (which would imply always using the root owner's domain(s))... but as there's no requirement anywhere that this be the case, I'll just make it a polite request and leave it at that :-)

Gerv

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5552 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170911/db143b62/attachment-0003.p7s>


More information about the Public mailing list