> Section 2 includes this text:
>
>    . . .  A CA MUST only consider a property with an "account-uri"
>    parameter to authorize issuance where the URI specified is an URI
>    that the CA recognises as identifying the account making a
>    certificate issuance request.
>
> This is not a crust MUST statement. I think it is trying to say two
> things when the "account-uri" is present:
>
> (1) the CA MUST NOT issue a certificate containing the domain name that
> contains the CAA Resource Record if it does not recognize the account
> referenced by the URI.
>
> (2) the CA MUST use the account referenced by the URI in the
> authorization process for a certificate request for the domain containing
> the CAA Resource Record.
>
> If this is correct, please separate these two requirements. If it is not
> correct, please explain the text.

What does "crust MUST" mean? I don't understand your interpretation. A CA does not "use" (select) an account as part of the issuance process; the account has already been determined from the context of the issuance request.
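
The rule quoted from Section 2, evaluated with the requesting account already known from the issuance request, as an added example that is not part of the original message or of the draft. The function names, domains and account URIs are hypothetical, and "recognises" is assumed to mean an exact string match against the requesting account's URI.

```python
# Added example: CA-side evaluation of CAA "issue" properties that may carry
# an "account-uri" parameter. All domains and account URIs are constructed.

def parse_issue_value(value):
    """Split an "issue" property value into (issuer domain, parameters)."""
    domain, _, rest = value.partition(";")
    params = {}
    for part in rest.split(";"):
        if part.strip():
            tag, _, val = part.partition("=")
            params[tag.strip().lower()] = val.strip()
    return domain.strip().lower(), params


def property_authorizes(value, ca_domain, requesting_account_uri):
    """True if this single property may be considered to authorize issuance."""
    domain, params = parse_issue_value(value)
    if domain != ca_domain:
        return False              # names another CA, or ";" (no issuer)
    if "account-uri" not in params:
        return True               # no account restriction on this property
    # Assumption: the CA "recognises" a URI by exact string comparison with
    # the URI of the account that made the request.
    return params["account-uri"] == requesting_account_uri


def may_issue(issue_values, ca_domain, requesting_account_uri):
    """Decide over all "issue" properties in the relevant CAA record set."""
    if not issue_values:
        return True               # no "issue" properties: no CAA restriction
    return any(property_authorizes(v, ca_domain, requesting_account_uri)
               for v in issue_values)


# Constructed record set for a hypothetical domain.
RECORDS = [
    "example.net; account-uri=https://example.net/acct/1234",
    "other-ca.example",
]
ACCT_OK = "https://example.net/acct/1234"
ACCT_OTHER = "https://example.net/acct/9999"

if __name__ == "__main__":
    print(may_issue(RECORDS, "example.net", ACCT_OK))
    print(may_issue(RECORDS, "example.net", ACCT_OTHER))
```

A property whose "account-uri" does not match is simply not considered; another property in the same record set can still authorize the request.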
