On Wed, Feb 10, 2021 at 02:21:53AM +, Nick Lamb via dev-security-policy
wrote:
> On Mon, 8 Feb 2021 13:40:05 -0500
> Andrew Ayer via dev-security-policy
> wrote:
>
> > The BRs permit CAs to bypass CAA checking for a domain if "the CA or
> > an Affiliate of the CA is the DNS Operator (as
On Tue, Feb 9, 2021 at 9:22 PM Nick Lamb via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Mon, 8 Feb 2021 13:40:05 -0500
> Andrew Ayer via dev-security-policy
> wrote:
>
> > The BRs permit CAs to bypass CAA checking for a domain if "the CA or
> > an Affiliate of the
On Mon, 8 Feb 2021 13:40:05 -0500
Andrew Ayer via dev-security-policy
wrote:
> The BRs permit CAs to bypass CAA checking for a domain if "the CA or
> an Affiliate of the CA is the DNS Operator (as defined in RFC 7719)
> of the domain's DNS."
Hmm. Would this exemption be less dangerous for a CA
On Mon, Feb 8, 2021 at 1:40 PM Andrew Ayer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> The BRs permit CAs to bypass CAA checking for a domain if "the CA or
> an Affiliate of the CA is the DNS Operator (as defined in RFC 7719)
> of the domain's DNS."
>
> Much like the
4 matches
Mail list logo
