> Have you seen the thread on the LAMPS (SPASM) mailing list, titled > "CAA Erratum 4515"? That raises some technical issues, which make me > (as an individual at least) think it's premature. I wasn't aware of this.
However, as far as I'm aware mandatory CAA checking is now a done deal: https://cabforum.org/pipermail/public/2017-March/009988.html I'd therefore argue it isn't premature, a) because CAs are going to have to implement it by September anyway, b) because it's already used in production (Let's Encrypt) successfully. In light of the CAB Forum resolution, the additional utility of adding a normative requirement to the ACME RFC is marginal, so I'm no longer terribly bothered either way, though still ultimately in favour. _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
