I would have checked Sept 9th as Sept 8th at midnight would be the last possible moment when the CPS could be updated and still be compliant.
> On Sep 9, 2017, at 3:33 PM, Andrew Ayer via dev-security-policy > <dev-security-policy@lists.mozilla.org> wrote: > > On Fri, 8 Sep 2017 15:22:52 -0700 (PDT) > Andy Warner via dev-security-policy > <dev-security-policy@lists.mozilla.org> wrote: > >> Google Trust Services published updated CP & CPS versions earlier >> today covering CAA checking. I'd suggest checking all CAs again >> tomorrow. Given the range of timezones CA operational staffs operate >> across, some may not have had a chance to publish their updates yet. > > At the time I checked, it was already September 8 in all timezones. > >> In terms of the 'rush' I suspect many CAs have had language prepared >> to publish well in advance, but were holding off given the number of >> discussions in various forums about how to interpret some sections of >> the RFC and BRs. Many of those discussions continued until the last >> moment, so holding off to ensure published details aligned with >> community consensus was a reasonable approach. > > Could you point to a discussion that would suggest that not checking CAA > at all (which is what many CAs' CP/CPSes said, including Google Trust > Services') was a reasonable interpretation of the BRs? > > The published details need to align with what the CA is doing. In some > cases there may be ongoing discussions about how to interpret > requirements (though I believe in the case of CAA they had all > concluded well before the deadline), but that shouldn't stop a CA from > publishing how _they_ have interpreted the requirements, so that > relying parties know what the CA is doing. > > Regards, > Andrew > > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
