Re: Public Discussion of GlobalSign's CA Inclusion Request for R46, E46, R45 and E45 Roots

All, GlobalSign has provided a very detailed incident report in Bugzilla - see https://bugzilla.mozilla.org/show_bug.cgi?id=1690807#c2. There are a few remaining questions that still need to be answered, so this email is just to keep you aware. Hopefully later this week I'll be able to come back

Re: The CAA DNS Operator Exception Is Problematic

On Mon, 8 Feb 2021 13:40:05 -0500 Andrew Ayer via dev-security-policy wrote: > The BRs permit CAs to bypass CAA checking for a domain if "the CA or > an Affiliate of the CA is the DNS Operator (as defined in RFC 7719) > of the domain's DNS." Hmm. Would this exemption be less dangerous for a CA