Kamu SM votes YES on Ballot 219.






On 3 Apr 2018, at 17:13, Corey Bonnell via Public <public@cabforum.org> wrote:


Ballot 219 v2: Clarify handling of CAA Record Sets with no "issue"/"issuewild" 
property tag


Purpose of this ballot:


RFC 6844 contains an ambiguity in regard to the correct processing of a 
non-empty CAA Resource Record Set that does not contain any issue property tag 
(and also does not contain any issuewild property tag in the case of a Wildcard 
Domain Name). It is ambiguous if a CA must not issue when such a CAA Resource 
Record Set is encountered, or if such a Resource Record Set is implicit 
permission to issue.


Given that the intent of the RFC is clear (such a CAA Resource Record Set is 
implicit permission to issue), we are proposing the following change to allow 
for CAA processing consistent with the intent of the RFC.


The following motion has been proposed by Corey Bonnell of Trustwave and 
endorsed by Tim Hollebeek of Digicert and Mads Egil Henriksveen of Buypass.



This ballot modifies the “Baseline Requirements for the Issuance and Management 
of Publicly-Trusted Certificates” as follows, based upon Version 1.5.6:


In section, add this sentence:

CAs MAY treat a non-empty CAA Resource Record Set that does not contain any 
issue property tags (and also does not contain any issuewild property tags when 
performing CAA processing for a Wildcard Domain Name) as permission to issue, 
provided that no records in the CAA Resource Record Set otherwise prohibit 


to the end of this paragraph:

When processing CAA records, CAs MUST process the issue, issuewild, and iodef 
property tags as specified in RFC 6844, although they are not required to act 
on the contents of the iodef property tag. Additional property tags MAY be 
supported, but MUST NOT conflict with or supersede the mandatory property tags 
set out in this document. CAs MUST respect the critical flag and not issue a 
certificate if they encounter an unrecognized property with this flag set.




The procedure for approval of this ballot is as follows:

Discussion (7+ days)

  Start Time: 2018-03-07 19:00:00 UTC 

  End Time: 2018-04-03 19:00:00 UTC


Vote for approval (7 days)

  Start Time: 2018-04-03 19:00:00 UTC

  End Time: 2018-04-10 19:00:00 UTC




Corey Bonnell

Senior Software Engineer

t: +1 412.395.2233


Trustwave | SMART SECURITY ON DEMAND <http://www.trustwave.com/> 

Public mailing list
Public@cabforum.org


Disclaimer


This e-mail message, including any attachments, is intended only for the use of 
the individual or entity to whom it is addressed and may contain confidential, 
privileged, private information as well as the exemption from disclosure. The 
information and views set out in this email are those of the author and do not 
necessarily reflect the official position of TUBITAK / Kamu SM. TUBITAK / Kamu 
SM shall have no liability to any person with regard to the use of the 
information contained in this message. If you are not the intended addressee(s) 
or responsible person to inform the addressee(s), you are hereby notified that; 
any use, dissemination, distribution, or copying of this message and attached 
files is strictly prohibited. Please notify the sender immediately by e-mail 
and delete this message and any attachments without retaining a copy. TUBITAK / 
Kamu SM do not warrant for the accuracy, completeness of the contents of this 
email and/or the preservation of confidentiality, and shall not be liable for 
the unauthorized changes made to this message, viruses and/or any damages 
caused in any way to your computer system.

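The processing rule proposed in the ballot quoted above, sketched as an added example; it is not part of the original message, the ballot, or the Baseline Requirements. The function name, the `missing_tags_permit` switch (modelling the ballot's MAY) and the sample records are assumptions, and the record set is assumed to be the relevant one already located by the RFC 6844 tree-climbing lookup.

```python
CRITICAL = 0x80  # issuer-critical flag bit (RFC 6844)
KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def issuer_domain(value):
    """Issuer domain from an issue/issuewild value: the text before any ';'."""
    return value.split(";", 1)[0].strip().rstrip(".").lower()


def caa_permits(rrset, ca_domain, wildcard=False, missing_tags_permit=True):
    """Decide issuance for one CAA RRset given as (flags, tag, value) tuples.

    missing_tags_permit is a hypothetical policy switch: True applies the
    ballot's reading (no issue/issuewild tags means permission to issue),
    False applies the stricter reading of the ambiguity.
    Returns (permitted, reason).
    """
    if not rrset:
        return True, "no CAA records"
    records = [(flags, tag.lower(), value) for flags, tag, value in rrset]
    # A critical flag on an unrecognized property always blocks issuance.
    for flags, tag, _ in records:
        if flags & CRITICAL and tag not in KNOWN_TAGS:
            return False, "unrecognized critical property: " + tag
    issue = [v for _, t, v in records if t == "issue"]
    issuewild = [v for _, t, v in records if t == "issuewild"]
    # issuewild applies only to wildcard names and then overrides issue.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        if missing_tags_permit:
            return True, "no issue/issuewild property tags"
        return False, "no issue/issuewild property tags (strict reading)"
    ca = ca_domain.rstrip(".").lower()
    if any(issuer_domain(v) == ca for v in relevant):
        return True, "CA is an authorized issuer"
    return False, "CA is not an authorized issuer"


if __name__ == "__main__":
    # Constructed sample record sets; "ca.example" is a placeholder CA domain.
    samples = {
        "iodef only": [(0, "iodef", "mailto:security@example.com")],
        "critical unknown": [(128, "tbs", "x"), (0, "iodef", "mailto:a@example.com")],
        "issuewild deny-all": [(0, "issuewild", ";")],
    }
    for name, rrset in samples.items():
        for wild in (False, True):
            print(name, "wildcard" if wild else "non-wildcard",
                  caa_permits(rrset, "ca.example", wildcard=wild))
```
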