There’s an IETF component, but minimum necessary standards for email certificate issuance is a policy issue, not a technical one.
Somewhere, it needs to say “CAs issuing e-mail certificates MUST check CAA in accordance with CAA-bis.”

-Tim

With CABF governance reform coming into effect on July 3rd, I'm cautiously optimistic we can start writing requirements for e-mail certificates and phasing out bad practices and phasing in good practices soon. CAA for e-mail certificates is definitely worth considering as part of that process.

Isn't this an IETF issue? Shouldn't those who issue e-mail certificates begin looking at the level of authentication provided for domains today?
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy