> On Jun 8, 2017, at 11:27 AM, Salz, Rich <rs...@akamai.com> wrote:
> 
> >>                Hugo's CAA draft (already adopted, short, might be
> >> ready for WGLC) -- https://tools.ietf.org/html/draft-ietf-acme-caa-01 
>  
> This has moved to WGLC.  If you know of any reason why it should not advance 
> to the IESG, please post by end of next week.


Section 2 includes this text:

   . . .  A CA MUST only consider a property with an "account-uri"
   parameter to authorize issuance where the URI specified is an URI
   that the CA recognises as identifying the account making a
   certificate issuance request.

This is not a crisp MUST statement.  I think it is trying to say two things 
when the "account-uri" is present: 

(1)  the CA MUST NOT issue a certificate containing the domain name that 
contains the CAA Resource Record if it does not recognize the account 
referenced by the URI.

(2)  the CA MUST use the account referenced by the URI in the authorization 
process for a certificate request for the domain containing the CAA Resource 
Record.

If this is correct, please separate these two requirements.  If it is not 
correct, please explain the text.

Russ




_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
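
The Section 2 text quoted in the message above can be read as a CA-side check, sketched here as an added example (not code from the draft or from anyone in this thread). It assumes a simplified `domain; name=value` form for the issue property value and treats "recognises as identifying the account" as membership in a set of URIs; the function names, `ca.example` and the account URIs are constructed for illustration.

```python
import re


def parse_issue_value(value):
    """Split a CAA issue property value into (issuer_domain, {param: value})."""
    domain, _, rest = value.partition(";")
    params = {}
    for token in re.split(r"[;\s]+", rest.strip()):
        if not token:
            continue
        name, sep, val = token.partition("=")
        if not sep:
            raise ValueError(f"malformed parameter: {token!r}")
        params[name.lower()] = val
    return domain.strip().lower(), params


def property_authorizes(value, ca_domain, account_uris):
    """True if this one issue property authorizes the requesting account."""
    try:
        domain, params = parse_issue_value(value)
    except ValueError:
        return False  # fail closed on a property we cannot parse
    if domain != ca_domain:
        return False  # names another CA, or is the empty ";" value
    if "account-uri" in params:
        # The quoted rule: only counts if the URI identifies the requester.
        return params["account-uri"] in account_uris
    return True  # no account-uri parameter: any account at this CA


def issuance_authorized(issue_values, ca_domain, account_uris):
    """issue_values: issue property values from the relevant CAA record set."""
    if not issue_values:
        return True  # assumption: no issue properties means no restriction
    return any(property_authorizes(v, ca_domain, account_uris)
               for v in issue_values)


if __name__ == "__main__":
    records = ["ca.example; account-uri=https://ca.example/acct/1"]  # constructed
    for uri in ("https://ca.example/acct/1", "https://ca.example/acct/2"):
        print(uri, issuance_authorized(records, "ca.example", {uri}))
```
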