Apple votes YES on ballot 219.

Curt

> On Apr 3, 2018, at 9:13 AM, Corey Bonnell via Public <[email protected]> wrote:
>
> Ballot 219 v2: Clarify handling of CAA Record Sets with no "issue"/"issuewild" property tag
>
> Purpose of this ballot:
>
> RFC 6844 contains an ambiguity in regard to the correct processing of a non-empty CAA Resource Record Set that does not contain any issue property tag (and also does not contain any issuewild property tag in the case of a Wildcard Domain Name). It is ambiguous if a CA must not issue when such a CAA Resource Record Set is encountered, or if such a Resource Record Set is implicit permission to issue.
>
> Given that the intent of the RFC is clear (such a CAA Resource Record Set is implicit permission to issue), we are proposing the following change to allow for CAA processing consistent with the intent of the RFC.
>
> The following motion has been proposed by Corey Bonnell of Trustwave and endorsed by Tim Hollebeek of Digicert and Mads Egil Henriksveen of Buypass.
>
> -- MOTION BEGINS --
> This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates” as follows, based upon Version 1.5.6:
>
> In section 3.2.2.8, add this sentence:
> CAs MAY treat a non-empty CAA Resource Record Set that does not contain any issue property tags (and also does not contain any issuewild property tags when performing CAA processing for a Wildcard Domain Name) as permission to issue, provided that no records in the CAA Resource Record Set otherwise prohibit issuance.
>
> to the end of this paragraph:
> When processing CAA records, CAs MUST process the issue, issuewild, and iodef property tags as specified in RFC 6844, although they are not required to act on the contents of the iodef property tag. Additional property tags MAY be supported, but MUST NOT conflict with or supersede the mandatory property tags set out in this document. CAs MUST respect the critical flag and not issue a certificate if they encounter an unrecognized property with this flag set.
>
> -- MOTION ENDS –
>
> The procedure for approval of this ballot is as follows:
> Discussion (7+ days)
> Start Time: 2018-03-07 19:00:00 UTC
> End Time: 2018-04-03 19:00:00 UTC
>
> Vote for approval (7 days)
> Start Time: 2018-04-03 19:00:00 UTC
> End Time: 2018-04-10 19:00:00 UTC
>
> Corey Bonnell
> Senior Software Engineer
> t: +1 412.395.2233
>
> Trustwave | SMART SECURITY ON DEMAND
> www.trustwave.com <http://www.trustwave.com/><CA-Browser Forum BR 1.5.6-ballot 219 redline.doc>
> _______________________________________________
> Public mailing list
> [email protected] <mailto:[email protected]>
> https://cabforum.org/mailman/listinfo/public <https://cabforum.org/mailman/listinfo/public>
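
The processing rule in the quoted motion, as an added Python example that is not part of the ballot or of any CA's code. The function name, the `apply_ballot_219` switch and the sample records are assumptions made for illustration; the RRset is taken to be the already-located relevant record set.

```python
# Added illustration; names and sample records are constructed, not from the ballot.
KNOWN_TAGS = {"issue", "issuewild", "iodef"}
CRITICAL = 0x80  # issuer-critical flag bit defined by RFC 6844


def caa_permits(rrset, ca_domain, wildcard=False, apply_ballot_219=True):
    """Return True if the CAA RRset permits `ca_domain` to issue.

    rrset: list of (flags, tag, value) tuples from the relevant RRset.
    apply_ballot_219: take the MAY option for a non-empty RRset that has
    no issue tag (and, for wildcard names, no issuewild tag either).
    """
    if not rrset:
        return True  # no CAA records at all: no restriction

    # Property tags are matched case-insensitively.
    records = [(flags, tag.lower(), value) for flags, tag, value in rrset]

    # An unrecognized property with the critical flag set prohibits issuance,
    # regardless of how the rest of the set is read.
    if any(flags & CRITICAL and tag not in KNOWN_TAGS for flags, tag, _ in records):
        return False

    issue = [v for _, t, v in records if t == "issue"]
    issuewild = [v for _, t, v in records if t == "issuewild"]
    # issuewild takes precedence for wildcard names and is ignored otherwise.
    relevant = (issuewild or issue) if wildcard else issue

    if not relevant:
        # The ambiguous case the ballot addresses: permitted only if the CA
        # opts in to the MAY clause; the strict reading refuses.
        return apply_ballot_219

    # The issuer domain is the part of the value before any ";" parameters.
    wanted = ca_domain.lower()
    return any(v.split(";", 1)[0].strip().lower() == wanted for v in relevant)


if __name__ == "__main__":
    iodef_only = [(0, "iodef", "mailto:security@example.com")]  # constructed
    print(caa_permits(iodef_only, "ca.example"))
    print(caa_permits(iodef_only, "ca.example", apply_ballot_219=False))
```
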
