On 2015-04-14 13:54, Rob Stradling wrote:
On 14/04/15 12:38, Kurt Roeckx wrote:
On 2015-04-14 01:15, Peter Kurrasch wrote:
Let's use an example. Suppose CNNIC issues a cert for
whitehouse[dot]gov and let's further suppose that CNNIC includes this
cert in the CT data since they have agreed to do that. What happens
next?
What I've been wondering about is whether we need a mechanism where the
CT log should approve the transition from one issuer to an other.
Kurt, isn't CAA (RFC6844) the tool for this job?
I don't see everybody publishing that. Or do you want to make it a
requirement that everybody publishes such a record?
Kurt
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
