I’m not sure I follow - when you go someapp.example.com to someapp.thirdparty.example, and they point to somewhere.somecdn.example, why is the assumption that somewhere.somecdn.example WOULDN’T place a CAA record?
Given that somewhere.somecdn.example has the business relationship with the CA to do provisioning, I would have thought they’d have a CAA record expressing their provisioning relationship. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
