> On Jun 22, 2017, at 12:31 PM, Phillip <[email protected]> wrote:
>
> It is not clear which of us you are responding to.
>
> Let us consider the case proposed:
>
> Domain example.com <http://example.com/> has an issue entry for CA alice.com
> <http://alice.com/> but no issuewild
> Certificate requested for *.example.com <http://example.com/> from bob.com
> <http://bob.com/>
>
> So section 5.3 does not apply. There is no issuewild to take priority.
>
> The request has a wildcard so the requirement to ignore issuewild records for
> a non wildcard does not apply.
>
> No issuewild properties are specified. So the second part does not apply.
Agreed.
However a certificate requested for *.example.com <http://example.com/> from
alice.com <http://alice.com/> would be allowed to issue with the records you
show in your example.
Thanks,
Peter
_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
