> Have you seen the thread on the LAMPS (SPASM) mailing list, titled
> "CAA Erratum 4515"? That raises some technical issues, which make me
> (as an individual at least) think it's premature.

I wasn't aware of this.

However, as far as I'm aware, mandatory CAA checking is now a done deal:
https://cabforum.org/pipermail/public/2017-March/009988.html

I'd therefore argue it isn't premature, a) because CAs are going to have
to implement it by September anyway, b) because it's already used in
production (Let's Encrypt) successfully.

In light of the CAB Forum resolution, the additional utility of adding a
normative requirement to the ACME RFC is marginal, so I'm no longer
terribly bothered either way, though still ultimately in favour.

___
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme