Thank you for your response. On Wed, Aug 22, 2018 at 11:51 AM josselin.allemandou--- via dev-security-policy <[email protected]> wrote:
> We confirm that no, this is not the case. This is what we said in the CP / > CPS because we thought that these constraints could be regularly > encountered and that it could be bad for the business, but as I said in our > answer, the controls to report the blocking cases were positioned since the > beginning of the application of the requirements about CAA records, but we > have failed to update the documents. > > > You are stating that your system has, since 8-September 2017, checked CAA records in compliance with the BRs, and whenever a CAA record indicated that you did not have permission to issue the certificate, the system alerted your RA Officers who then rejected the request. Is this correct? > > Requests are processed not only automatically but also involving human > validation by our Registration Authority and in particular, our > Registration Officiers are systematically warned in case of alert on a CAA > record. We confirm to you, despite what has not been updated in the CP / > CPS that we block request well in accordance with the requirements > expressed. > > > What evidence do you have that all requests that failed CAA validation were indeed denied? How many requests failed the CAA check and then were manually rejected by an RA Officer? > > We wanted to wait for your feedback on the other points before updating > our CP / CPS, but we can update them before the end of the week if > necessary. > > > I would recommend that you go ahead and make the CPS changes that you have proposed rather than waiting for Devon's reply, but do not rush to complete them this week. > > We hope that it meets yours expectation and remain at your disposal for > further information. > > Best regards > > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
