[Servercert-wg] Ballot SC 13 version 2

Ryan Sleevi sleevi at google.com
Tue Nov 20 11:29:27 MST 2018


Can you explain the motivation a bit more for the following addition:

> This email address is a valid contact address for all domains it is
> relevant for via the standard CAA search algorithm specified in RFC 6844
> section 4.

As best I can tell, you're trying to suggest that the CAA processing rules
apply. If that's the case, I don't think this language achieves what you
want in a clear and unambiguous way. For example, does this section
consider the Errata or not? One reading is that by saying "standard CAA
search algorithm", you do not consider the Errata allowed in other areas.

Further, it also does not seem appropriate to place it in this section (the
appendix definition of the tag), as opposed to the validation method
itself, which is where the *processing* of the tag appropriately belongs.

I believe you want to place this within the validation sections (e.g.
3.2.2.4.13), by describing it as (in that section)
(Old)
> The Random Value MUST be sent to an email address identified as a
> CAA contactemail property record as defined in Appendix B.

(New)
> The Random Value MUST be sent to an email address contained in a
> contactemail property tag, as defined in Appendix B, present in the CAA
> Resource Record Set.

The point being that the algorithm that is applied (for determining the CAA
Resource Record Set) is left to be consistent with all other CAA handling,
and you're instead emphasizing that one _or more_ contactemail property
tags be present in the resultant CAA Resource Record Set.
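
An added illustration of the point above, not part of the original message or of any ballot text: a Python sketch in which the CAA Resource Record Set is determined first by a label-climbing search, and only then are one or more contactemail property tags read from that resultant set. The zone data is constructed, the function names are hypothetical, CNAME/DNAME alias handling is omitted, and the sketch takes no position on whether the Errata applies.

```python
# Constructed zone data: owner name -> CAA records as (flags, tag, value).
ZONE = {
    "example.com": [
        (0, "issue", "ca.example.net"),
        (0, "contactemail", "hostmaster@example.com"),
        (0, "contactemail", "security@example.com"),
    ],
    # A closer RRset that carries no contactemail property tag.
    "dev.example.com": [(0, "issue", "ca.example.net")],
}


def lookup(name):
    """Stand-in for a DNS CAA query against the constructed zone."""
    return ZONE.get(name, [])


def relevant_caa_rrset(domain, query=lookup):
    """Climb from `domain` toward the root and return (owner, rrset) for the
    first name that has a non-empty CAA RRset, or (None, []) if none does.
    Simplification (assumption): alias (CNAME/DNAME) handling is not modelled.
    """
    labels = domain.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        rrset = query(name)
        if rrset:
            return name, rrset
    return None, []


def contact_emails(domain, query=lookup):
    """Return (owner, emails): every contactemail value in the resultant
    RRset. Tag matching is case-insensitive. The search is not repeated
    higher up when the resultant RRset has no contactemail tag; that is this
    sketch's reading of "present in the CAA Resource Record Set".
    """
    owner, rrset = relevant_caa_rrset(domain, query)
    emails = [value for _flags, tag, value in rrset
              if tag.lower() == "contactemail"]
    return owner, emails


if __name__ == "__main__":
    for d in ("www.example.com", "api.dev.example.com", "example.org"):
        print(d, contact_emails(d))
```

The `api.dev.example.com` case is the one worth noting: the closer RRset at `dev.example.com` is the resultant set, so the parent's contactemail addresses are not returned.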