Re: implementing testing of new CAA-record in DNS according RFC6844
- From: Eva Stöwe <katzazi AT gmx.de>
- To: cacert-policy AT lists.cacert.org
- Subject: Re: implementing testing of new CAA-record in DNS according RFC6844
- Date: Mon, 19 Mar 2018 20:34:50 +0100
I'm somewhat astonished to read that CAcert is a member of CA/Browser
forum. The last status I was aware of was that CAcert applied for some
kind of interested party status or something like that. Forgot the details.
This likely should be clarified, first. Then there would be the question
if that status (whatever it is) is useful and appropriate for CAcert as
I don't have the feeling that there is a lot of manpower to contribute
Anyway, before some policy change would be considered, we probably would
need to know more about what exactly is requested. At what step do we
need such a check? And for what? Which kind of certificates?
On 19.03.2018 17:25, Karl-Heinz Gödderz wrote:
> Dear policy-group members,
> we were informed that
>> since september, 8th, 2017 CAs must check DNS' CAA records. This
>> decision was taken in spring 2017 by CA/Browser forum which CAcert is
>> member of.
>> I can't see that this is already implemented in CAcert's signing
>> software, therefore I would like to ask you to take care of.
> does anyone from this group know if we have to change one of our
> policies to be allowed to implement this imperative?
> I couldn't find any in CPS. Which more policies do apply?
> * more information https://tools.ietf.org/html/rfc6844
Description: OpenPGP digital signature
- implementing testing of new CAA-record in DNS according RFC6844, Karl-Heinz Gödderz, 03/19/2018
- Re: implementing testing of new CAA-record in DNS according RFC6844, Eva Stöwe, 03/19/2018
- Re: implementing testing of new CAA-record in DNS according RFC6844, Bernhard Fröhlich, 03/20/2018
Archive powered by MHonArc 2.6.18.