On 22/06/15 21:12, Stephen Kent wrote:
<snip>
The Log, when receiving a recently signed pre-certificate SHOULD
assist in detection of bogus certificates by checking CAA records
[rfc6844] and sending a report to the URL as specified in the iodef
property.
we'll have to think more about our examples. I'm not sure that 6844 has
gained enough traction to cite it here, but I'll defer to others on
this issue.
<snip>
if CAA records are widely used, then I agree with your prioritization,
but ???
We've been doing CAA checks on all server cert requests for the last
couple of months. So far we've only encountered CAA records for 2
domains, both of which belong to us!
So I think it's fair to say that CAA records are not yet widely used!
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
