On 22/06/17 06:42, y-iida--- via Public wrote: > <C> Likewise, when there are some relevant CAA records, but no > CAA with "issuewild" property tag at all for a certificate > domain, we will issue wildcard certificate for that domain.
You should read RFC6844 carefully, but to my understanding, this is incorrect. If there is an "issue" property but no "issuewild" property, then the "issue" property also controls the issuance of wildcard certs. So you need to respect it in that case. Gerv _______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
