On 07/09/17 15:53, Stephen Davidson via Public wrote: > All doable under RFC 6844 – but not so clear what the requirements are > under the BR and browser expectations (particularly concerning CPS > language). Feedback appreciated.
We don't have specific expectations in this area; as you say, either can be justified under the RFC. It's easier for a number of reasons (such as writing software to do interesting things with CAA) if each root has a single set of CAA identifiers which are usable for all certs issued under that root (which would imply always using the root owner's domain(s))... but as there's no requirement anywhere that this be the case, I'll just make it a polite request and leave it at that :-) Gerv _______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
