Mozilla votes Yes on ballot 219.

On Tue, Apr 3, 2018 at 9:13 AM, Corey Bonnell via Public <[email protected]> wrote:
> Ballot 219 v2: Clarify handling of CAA Record Sets with no
> "issue"/"issuewild" property tag
>
> Purpose of this ballot:
>
> RFC 6844 contains an ambiguity in regard to the correct processing of a
> non-empty CAA Resource Record Set that does not contain any issue property
> tag (and also does not contain any issuewild property tag in the case of a
> Wildcard Domain Name). It is ambiguous if a CA must not issue when such a
> CAA Resource Record Set is encountered, or if such a Resource Record Set is
> implicit permission to issue.
>
> Given that the intent of the RFC is clear (such a CAA Resource Record Set
> is implicit permission to issue), we are proposing the following change to
> allow for CAA processing consistent with the intent of the RFC.
>
> The following motion has been proposed by Corey Bonnell of Trustwave and
> endorsed by Tim Hollebeek of Digicert and Mads Egil Henriksveen of Buypass.
>
> -- MOTION BEGINS --
>
> This ballot modifies the “Baseline Requirements for the Issuance and
> Management of Publicly-Trusted Certificates” as follows, based upon Version
> 1.5.6:
>
> In section 3.2.2.8, add this sentence:
>
> CAs MAY treat a non-empty CAA Resource Record Set that does not contain
> any issue property tags (and also does not contain any issuewild property
> tags when performing CAA processing for a Wildcard Domain Name) as
> permission to issue, provided that no records in the CAA Resource Record
> Set otherwise prohibit issuance.
>
> to the end of this paragraph:
>
> When processing CAA records, CAs MUST process the issue, issuewild, and
> iodef property tags as specified in RFC 6844, although they are not
> required to act on the contents of the iodef property tag. Additional
> property tags MAY be supported, but MUST NOT conflict with or supersede the
> mandatory property tags set out in this document. CAs MUST respect the
> critical flag and not issue a certificate if they encounter an unrecognized
> property with this flag set.
>
> -- MOTION ENDS –
>
> The procedure for approval of this ballot is as follows:
>
> Discussion (7+ days)
> Start Time: 2018-03-07 19:00:00 UTC
> End Time: 2018-04-03 19:00:00 UTC
>
> Vote for approval (7 days)
> Start Time: 2018-04-03 19:00:00 UTC
> End Time: 2018-04-10 19:00:00 UTC
>
> *Corey Bonnell*
> Senior Software Engineer
> t: +1 412.395.2233
>
> *Trustwave* | SMART SECURITY ON DEMAND
> www.trustwave.com
>
> _______________________________________________
> Public mailing list
> [email protected]
> https://cabforum.org/mailman/listinfo/public
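
The CAA decision the quoted motion describes, as an added example that is not part of the original message or of any CA's code: a Python check for a CA that takes the MAY option. The issuer name `ca.example`, the `CAA` tuple, the function names and all record sets are constructed assumptions.

```python
# Added example: CAA RRset evaluation under the Ballot 219 wording.
# CA_DOMAIN and every record set used here are constructed sample data.
from typing import NamedTuple

CRITICAL = 0x80                          # RFC 6844 issuer-critical flag bit
KNOWN_TAGS = {"issue", "issuewild", "iodef"}
CA_DOMAIN = "ca.example"                 # hypothetical issuer domain name


class CAA(NamedTuple):
    flags: int
    tag: str
    value: str


def issuer_of(value: str) -> str:
    """Issuer domain from an issue/issuewild value, ignoring parameters."""
    return value.split(";", 1)[0].strip().lower()


def may_issue(rrset: list[CAA], wildcard: bool, ca: str = CA_DOMAIN) -> bool:
    """Decide issuance for the relevant CAA RRset of one domain name."""
    if not rrset:
        return True                      # empty RRset: CAA imposes no restriction
    # An unrecognized property with the critical flag set prohibits issuance,
    # whatever the other records in the set say.
    for rr in rrset:
        if rr.flags & CRITICAL and rr.tag.lower() not in KNOWN_TAGS:
            return False
    issue = [rr for rr in rrset if rr.tag.lower() == "issue"]
    issuewild = [rr for rr in rrset if rr.tag.lower() == "issuewild"]
    # For a Wildcard Domain Name, issuewild records take precedence over issue.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        # Ballot 219 case: non-empty RRset with no applicable issue/issuewild
        # tag. This CA takes the MAY option and treats it as permission.
        return True
    # Otherwise the CA must be named by at least one applicable record;
    # a value of ";" yields an empty issuer and therefore matches no CA.
    return any(issuer_of(rr.value) == ca for rr in relevant)


if __name__ == "__main__":
    iodef_only = [CAA(0, "iodef", "mailto:security@example.com")]  # constructed
    print(may_issue(iodef_only, wildcard=False))
```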
