Hi Kathleen, I suggest being explicit about which CAA errata Mozilla allows.
For CNAME, it's erratum 5065. For DNAME, it's erratum 5097. Link to errata: https://www.rfc-editor.org/errata_search.php?rfc=6844 We don't want CAs to think they can follow any errata they like, or to come up with their own interpretation of what "natural" means :-) Regards, Andrew On Wed, 25 Oct 2017 12:46:40 -0700 (PDT) Kathleen Wilson via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > All, > > I will greatly appreciate your thoughtful and constructive feedback > on the DRAFT of Mozilla's next CA Communication, which I am hoping to > send in early November. > > https://wiki.mozilla.org/CA/Communications#November_2017_CA_Communication > > Direct link to the survey: > https://ccadb-public.secure.force.com/mozillacommunications/CACommunicationSurveySample?CACommunicationId=a051J00003mogw7 > > Thanks, > Kathleen > > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy