[Servercert-wg] Clarification of CAA requirements for onion certificates
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Tue Jan 26 10:08:03 UTC 2021
Dear Members,
I was doing a review of CAA requirements in the BRs. Unless I am missing
something, section 3.2.2.8 seems to enforce the CAA check for all
certificate types, including onion certificates. I believe there should
be an exemption for onion certificates since they do not use the DNS
that chains to the ICANN root.
Do others feel that we need to clarify this further in the BRs either in
section 3.2.2.8 or in Appendix B?
Thank you,
Dimitris.
More information about the Servercert-wg
mailing list