On Wed, Feb 22, 2017 at 2:32 PM, Doug Beattie via Public < [email protected]> wrote: > > Several people have looked at RFC 6844 and have come away with different > interpretations of what the processing means, so I HIGHLY recommend we > include the CAA processing that MUST be performed so there is no ambiguity > and so it’s clear for auditors. This includes statements like: >
Hi Doug, This is and remains problematic, and it doesn't seem the previous feedback was addressed. This is a bit like the recent remarks Virginia shared with offering interpretation of legal matters - while it's meant well, it introduces new problems. Perhaps you would consider filing IETF errata on what you think is unclear? I'm sensitive and appreciate the concern that technical documents may be hard to understand, I think RFC5280 and the (non-)compliance by CAs is ample evidence that no matter how unambiguous things are, people will misinterpret and misunderstand.
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
