On 03/05/17 21:31, Han Yuwei wrote: > A question:How would a domain holder express denial for certain certificate > requests?
Please can you post new questions as new threads rather than as replies to existing threads on another topic? The answer to your question is that they can define which CAs they allow using CAA (RFC 6844) but there is no mechanism yet for them to deny e.g. requests for a DV cert. Gerv _______________________________________________ dev-security-policy mailing list firstname.lastname@example.org https://lists.mozilla.org/listinfo/dev-security-policy