The second paragraph is hard for me to parse. Let me try to reword it.
The presence of this parameter in a property further constrains certificate issuance for that property. Whenever the parameter is included in a property, a CA MUST NOT use any validation method unless the method is explicitly listed.
Thanks, Yaron
Since the consensus seems to be to change to "validation-methods", here's the wording I propose for the validation-methods section: Extensions to the CAA Record: validation-methods Parameter ========================================================== A CAA parameter "validation-methods" is also defined for the "issue" and "issuewild" properties. The value of this parameter, if specified, MUST be a comma-separated string of challenge method names. Each challenge method name MUST be either an ACME challenge method name or a CA-assigned non-ACME challenge method name. The presence of this parameter constrains the property to which it is attached. A CA MUST only consider a property with the "validation-methods" parameter to authorize issuance where the name of the challenge method being used is one of the names listed in the comma-separated list. Where a CA supports both the "validation-methods" parameter and one or more non-ACME challenge methods, it MUST assign identifiers to those methods. These identifiers MUST be chosen to minimise the likelihood of conflict with any ACME challenge method name; it is RECOMMENDED that, at the very least, CAs avoid assigning identifiers ending in a hyphen and two digits ("-00"). A CA SHOULD assign individual identifiers to each of its non-ACME challenge methods. However, if it is unable or unwilling to do so, it MAY use the fallback identifier of "non-acme" to identify such methods. ------------------------------ Subject: Digest Footer _______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme ------------------------------ End of Acme Digest, Vol 34, Issue 1 ***********************************
_______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme