Hi Ben and Jeremy, On 09/09/17 01:25, Ben Wilson wrote: > Those are typos. See section 4.2.1 of our CPS posted here: > https://www.digicert.com/wp-content/uploads/2017/09/DigiCert_CPS_v412.pdf
This reads: "The Certification Authority CAA identifying domains for CAs within DigiCert’s operational control are “digicert.com”, “digicert.ne.jp”, "cybertrust.ne.jp”, and any domain containing those identifying domains as suffixes (e.g. *.digicert.com)." This latter part, while not perhaps being against the letter of the RFC, is somewhat unhelpful for people who want to write software working with CAA, because they now can't just load it with a per-CA list of valid domain names, but have to post-process and stem the value in this case. Are you certain you need that provision? Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
