Fulfilling my promise made the other day ? A PR to address the CAA issue.
Rich's new text reads as follows: "Further, an ACME-based CA can use the
Certification Authority Authorization record {{!RFC6844}} to prevent it
from being misdirected and generate an unauthorized issuance."
IMHO we need a "SHOULD" here. If you're an ACME server, there's no
reason to ignore CAA records. Especially since we are looking into
adding ACME-specific information into these records, in
draft-ietf-acme-caa-01.
Thanks,
Yaron
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
