Apple votes YES on ballot 219.

Curt

> On Apr 3, 2018, at 9:13 AM, Corey Bonnell via Public <public@cabforum.org> 
> wrote:
> 
> Ballot 219 v2: Clarify handling of CAA Record Sets with no 
> "issue"/"issuewild" property tag
>  
> Purpose of this ballot:
>  
> RFC 6844 contains an ambiguity in regard to the correct processing of a 
> non-empty CAA Resource Record Set that does not contain any issue property 
> tag (and also does not contain any issuewild property tag in the case of a 
> Wildcard Domain Name). It is ambiguous if a CA must not issue when such a CAA 
> Resource Record Set is encountered, or if such a Resource Record Set is 
> implicit permission to issue.
>  
> Given that the intent of the RFC is clear (such a CAA Resource Record Set is 
> implicit permission to issue), we are proposing the following change to allow 
> for CAA processing consistent with the intent of the RFC.
>  
> The following motion has been proposed by Corey Bonnell of Trustwave and 
> endorsed by Tim Hollebeek of Digicert and Mads Egil Henriksveen of Buypass.
>  
> -- MOTION BEGINS --
> This ballot modifies the “Baseline Requirements for the Issuance and 
> Management of Publicly-Trusted Certificates” as follows, based upon Version 
> 1.5.6:
>  
> In section 3.2.2.8, add this sentence:
> CAs MAY treat a non-empty CAA Resource Record Set that does not contain any 
> issue property tags (and also does not contain any issuewild property tags 
> when performing CAA processing for a Wildcard Domain Name) as permission to 
> issue, provided that no records in the CAA Resource Record Set otherwise 
> prohibit issuance.
>  
> to the end of this paragraph:
> When processing CAA records, CAs MUST process the issue, issuewild, and iodef 
> property tags as specified in RFC 6844, although they are not required to act 
> on the contents of the iodef property tag. Additional property tags MAY be 
> supported, but MUST NOT conflict with or supersede the mandatory property 
> tags set out in this document. CAs MUST respect the critical flag and not 
> issue a certificate if they encounter an unrecognized property with this flag 
> set.
>  
> -- MOTION ENDS --
>  
> The procedure for approval of this ballot is as follows:
> Discussion (7+ days)
>   Start Time: 2018-03-07 19:00:00 UTC 
>   End Time: 2018-04-03 19:00:00 UTC
>  
> Vote for approval (7 days)
>   Start Time: 2018-04-03 19:00:00 UTC
>   End Time: 2018-04-10 19:00:00 UTC
>  
>  
>  
> Corey Bonnell
> Senior Software Engineer
> t: +1 412.395.2233
>  
> Trustwave | SMART SECURITY ON DEMAND
> www.trustwave.com <http://www.trustwave.com/>
> <CA-Browser Forum BR 1.5.6-ballot 219 redline.doc>
> _______________________________________________
> Public mailing list
> Public@cabforum.org <mailto:Public@cabforum.org>
> https://cabforum.org/mailman/listinfo/public 
> <https://cabforum.org/mailman/listinfo/public>
_______________________________________________
Public mailing list
Public@cabforum.org
https://cabforum.org/mailman/listinfo/public
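
Added example (not part of the ballot text or of any CA's code): a Python sketch of the issuance decision the quoted motion describes, applied to a CAA Resource Record Set that has already been retrieved. The CAA class, the may_issue function, its treat_as_permission switch and the sample records are assumptions constructed for illustration; DNS lookup and tree climbing are out of scope.

```python
from dataclasses import dataclass

KNOWN_TAGS = {"issue", "issuewild", "iodef"}  # tags the BR text makes mandatory
CRITICAL = 0x80                               # issuer-critical flag bit (RFC 6844)

@dataclass(frozen=True)
class CAA:
    flags: int
    tag: str
    value: str

def issuer_domain(value: str) -> str:
    """Issuer domain name of an issue/issuewild value, without ';' parameters."""
    return value.split(";", 1)[0].strip().lower()

def may_issue(rrset, ca_domain, wildcard=False, treat_as_permission=True):
    """Decide issuance for an already-retrieved CAA RRset.

    treat_as_permission=True applies the sentence the ballot adds;
    False models the restrictive reading of the RFC 6844 ambiguity.
    """
    if not rrset:
        return True  # empty set: CAA imposes no restriction
    tags = [(rr, rr.tag.lower()) for rr in rrset]
    # Critical flag on an unrecognized property always blocks issuance.
    if any(rr.flags & CRITICAL and t not in KNOWN_TAGS for rr, t in tags):
        return False
    issue = [rr for rr, t in tags if t == "issue"]
    issuewild = [rr for rr, t in tags if t == "issuewild"]
    # For a wildcard name, issuewild records take precedence over issue.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        # Non-empty set, no issue tag (and no issuewild tag for a wildcard).
        return treat_as_permission
    return any(issuer_domain(rr.value) == ca_domain.lower() for rr in relevant)

# Constructed sample record sets (not taken from any real zone).
IODEF_ONLY = [CAA(0, "iodef", "mailto:security@example.com")]
CRITICAL_UNKNOWN = IODEF_ONLY + [CAA(128, "futuretag", "x")]
ISSUEWILD_ONLY = [CAA(0, "issuewild", "other-ca.example")]

if __name__ == "__main__":
    print(may_issue(IODEF_ONLY, "ca.example"))
    print(may_issue(IODEF_ONLY, "ca.example", treat_as_permission=False))
    print(may_issue(CRITICAL_UNKNOWN, "ca.example"))
    print(may_issue(ISSUEWILD_ONLY, "ca.example"))
    print(may_issue(ISSUEWILD_ONLY, "ca.example", wildcard=True))
```

The motion says MAY, so a CA can still decline to issue in the iodef-only case; the switch only marks where the two readings diverge.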
