On 24/01/18 21:45, Corey Bonnell via Public wrote:
> Given that the intent of the RFC is clear (such a CAA Resource Record
> Set is implicit permission to issue), we are proposing the following
> change to allow for CAA processing consistent with the intent of the RFC.

I don't think the intent of the RFC on this point is particularly clear, but I agree that specified behaviour is better than unspecified.

> CAs MAY treat a non-empty CAA Resource Record Set that does not contain
> any issue property tags (and also does not contain any issuewild
> property tags when performing CAA processing for a Wildcard Domain Name)
> as permission to issue

, provided that

a) issuance would be consistent with any other property tags which are present; and

b) the CAA Resource Record Set does not contain any unrecognized property with the critical flag set.

This is a little bit of future-proofing, which you could add if you felt it valuable. There are no such other property tags (as mentioned in bullet a) defined at the moment, but that may not always be true. In fact, if we have a), perhaps b) is redundant?

Gerv
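
The following is an added example, not part of the original message and not code from any CA or from the CA/Browser Forum. It sketches the issuance decision the proposed text describes, including condition b), assuming the RFC 6844 tag set (`issue`, `issuewild`, `iodef`) and critical flag bit (128); the function names, the `ca.example` issuer domains and the sample record sets are hypothetical.

```python
# Added illustration; names below are hypothetical, not from any CA's code base.
from typing import List, Tuple

CRITICAL = 0x80                                # RFC 6844 "issuer critical" flag bit
KNOWN_TAGS = {"issue", "issuewild", "iodef"}   # property tags defined by RFC 6844

CAARecord = Tuple[int, str, str]               # (flags, tag, value)


def issuer_of(value: str) -> str:
    """Return the issuer domain of an issue/issuewild value ('' if none is named)."""
    return value.split(";", 1)[0].strip().lower()


def may_issue(rrset: List[CAARecord], ca_domain: str, wildcard: bool,
              no_issue_tags_is_permission: bool = True) -> bool:
    """Decide issuance from the relevant CAA Resource Record Set for a name."""
    if not rrset:
        return True                  # no CAA records: nothing restricts issuance
    records = [(flags, tag.lower(), value) for flags, tag, value in rrset]
    # Condition b): an unrecognized property with the critical flag set blocks issuance.
    if any(f & CRITICAL and t not in KNOWN_TAGS for f, t, _ in records):
        return False
    issue = [v for _, t, v in records if t == "issue"]
    issuewild = [v for _, t, v in records if t == "issuewild"]
    # For a Wildcard Domain Name, issuewild takes precedence over issue when present.
    relevant = (issuewild or issue) if wildcard else issue
    if not relevant:
        # Non-empty set with no applicable issue/issuewild tags: the case the
        # proposal covers. The text says MAY, so the CA's choice is a parameter.
        return no_issue_tags_is_permission
    return ca_domain.lower() in {issuer_of(v) for v in relevant}


# Constructed sample record sets (not real DNS data).
ONLY_IODEF = [(0, "iodef", "mailto:security@example.com")]
ONLY_ISSUEWILD = [(0, "issuewild", "other-ca.example")]
CRITICAL_UNKNOWN = [(128, "futuretag", "x"), (0, "iodef", "mailto:security@example.com")]
NAMED_CA = [(0, "issue", "ca.example; account=123")]
FORBID_ALL = [(0, "issue", ";")]
```

Condition a) has nothing to check in this sketch because, as the message notes, no other property tags are defined at the moment.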
