On 22/02/17 22:40, Ryan Sleevi via Public wrote:
On Wed, Feb 22, 2017 at 2:32 PM, Doug Beattie via Public wrote:

    Several people have looked at RFC 6844 and have come away with
    different interpretations of what the processing means, so I HIGHLY
    recommend we include the CAA processing that MUST be performed so
    there is no ambiguity and so it’s clear for auditors.  This includes
    statements like:


Hi Doug,

This is and remains problematic, and it doesn't seem the previous
feedback was addressed. This is a bit like the recent remarks Virginia
shared with offering interpretation of legal matters - while it's meant
well, it introduces new problems.

Perhaps you would consider filing IETF errata on what you think is
unclear? I'm sensitive and appreciate the concern that technical
documents may be hard to understand; I think RFC5280 and the
(non-)compliance by CAs is ample evidence that no matter how unambiguous
things are, people will misinterpret and misunderstand.

Doug, Ryan,

I fully agree that https://tools.ietf.org/html/rfc6844#section-4 is confusing and needs to be revised.

My understanding of the CAA algorithm has at times been flawed, even after seeking clarification from Phill. If a document confuses even its authors, then you know there's a problem!

Last week Phill told me he would write an erratum for RFC6844 section 4 this week.

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
