On Tue, 5 Feb 2019 at 18:05, Robin Alden <robin.al...@sectigo.com> wrote: > > Wayne, Mattias, > We have a post-rebrand CPS which is almost ready to publish and has > a new Certificate Profiles section.
Thanks for the heads-up, is there a projected timeframe in which this new CPS will be available? > To the OP's first question, we continue to accept (amongst others) > comodo.com and comodoca.com as Issuer Domain Names in CAA records that > authorize us to issue. > > RFC6844 says > ".. authorizes the holder of the domain name <Issuer Domain > Name> or a party acting under the explicit authority of the holder > of that domain name to issue certificates for the domain in which > the property is published." > We are the holder of comodoca.com. We have explicit authority to use > comodo.com for this purpose. > > We have always disclosed updates to our CAA domains to the CCADB promptly. As stated earlier in the thread, the main problem is not per se the CAA domain validation, but about the issuer of the certificates created after CAA validation, as there was to my knowledge no public CP/CPS for the intermediates used for the certificate, which raised red flags in our internal certificate validation process. > Regards > Robin Alden > Sectigo Limited Regards, Matthias van de Meent Cofano Software Solutions (nl) _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy