+1
Il 11/09/2017 23:28, Jeremy Rowley via dev-security-policy ha scritto:
I would support that. I can't recall why it's in there. -----Original Message----- From: Jonathan Rudenberg [mailto:[email protected]] Sent: Monday, September 11, 2017 3:19 PM To: Jeremy Rowley <[email protected]> Cc: [email protected] Subject: Re: CAA Certificate Problem ReportOn Sep 11, 2017, at 17:03, Jeremy Rowley via dev-security-policy <[email protected]> wrote: For a little more context, the idea is that we can speed up the CAA check for all customers while working with those who have DNSSEC to make sure they aren't killing performance. If there's a way to group them easily into buckets (timeout + quick does DNSSEC exist check), working on improving the experience for that particular set of customers is easier. That bucket can then be improved later.Given the disaster that DNSSEC+CAA has been over the past few days for multiple CAs and the fact that it’s optional in the CAA RFC, what do you think about proposing a ballot to remove the DNSSEC requirement from the BRs entirely? Jonathan _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
smime.p7s
Description: Firma crittografica S/MIME
_______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
