On Tue, Mar 14, 2017 at 12:24 PM, Hugo Landau <[email protected]> wrote:
> > > The CAA check is/was easy to make and crippling it > > > by not making it a requirement was IMNSHO a mistake. > > ... > > > I urge the WG to reconsider. > > > > Does anyone else agree with Viktor? Please speak up on the list this > week if so. > > I'd agree that the CAA check should be made mandatory. At least, I can't > think of any good reason why it shouldn't be. > I very strongly disagree. What checks the CA does before issuing is up to the CA's policy. This document provides tools for CAs to do those checks; it does not constrain what CAs do. > I'd also agree that the use of a DNSSEC-validating resolver accessed via > a trusted network (preferably localhost) should be mandatory. > Likewise. --Richard > > _______________________________________________ > Acme mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/acme >
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
