+1

On 11/09/2017 23:28, Jeremy Rowley via dev-security-policy wrote:
I would support that.  I can't recall why it's in there.

-----Original Message-----
From: Jonathan Rudenberg [mailto:jonat...@titanous.com]
Sent: Monday, September 11, 2017 3:19 PM
To: Jeremy Rowley <jeremy.row...@digicert.com>
Cc: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: CAA Certificate Problem Report


On Sep 11, 2017, at 17:03, Jeremy Rowley via dev-security-policy 
<dev-security-policy@lists.mozilla.org> wrote:

For a little more context, the idea is that we can speed up the CAA check for 
all customers while working with those who have DNSSEC to make sure they aren't 
killing performance.  If there's a way to group them easily into buckets 
(timeout + quick does DNSSEC exist check), working on improving the experience 
for that particular set of customers is easier. That bucket can then be 
improved later.
Given the disaster that DNSSEC+CAA has been over the past few days for multiple 
CAs and the fact that it’s optional in the CAA RFC, what do you think about 
proposing a ballot to remove the DNSSEC requirement from the BRs entirely?

Jonathan


_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
