I agree with Phillip; if we want email CAA to be a thing, we need to define and
specify that thing.  And I think it should be a thing.

New RFCs are not that hard and need not even be that long.

-Tim

> -----Original Message-----
> From: dev-security-policy [mailto:dev-security-policy-
> bounces+tim.hollebeek=digicert....@lists.mozilla.org] On Behalf Of Phillip
> Hallam-Baker via dev-security-policy
> Sent: Tuesday, May 15, 2018 9:22 PM
> To: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: Re: question about DNS CAA and S/MIME certificates
> 
> When I wrote CAA, my intention was for it to apply to SSL/TLS certs only.
> I did not consider S/MIME certs to be relevant precisely because of the
> al...@gmail.com problem.
> 
> I now realize that was entirely wrong and that there is in fact great
> utility in allowing domain owners to control their domains (or not).
> 
> If gmail want to limit the issue of Certs to one CA, fine. That is a
> business choice they have made. If you want to have control of your online
> identity, you need to have your own personal domain. That is why I have
> hallambaker.com. All my mail is forwarded to gmail.com but I control my
> identity and can change mail provider any time I want.
> 
> One use case that I see as definitive is to allow paypal to S/MIME sign
> their emails. That alone could take a bite out of phishing.
> 
> But even with gmail, the only circumstance I could see where a mail
> service provider like that would want to restrict cert issue to one CA
> would be if they were to roll out S/MIME with their own CA.


_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
