Hugo, the CAA document is in WGLC. Russ raised the following issue on some text in section 2:
. . . A CA MUST only consider a property with an "account-uri" parameter to authorize issuance where the URI specified is an URI that the CA recognises as identifying the account making a certificate issuance request. > This is not a [crisp] MUST statement. I think it is trying to say two things > when the "account-uri" is present: > (1) the CA MUST NOT issue a certificate containing the domain name that > contains the CAA Resource Record if it does not recognize the account > referenced by the URI. > (2) the CA MUST use the account referenced by the URI in the authorization > process for a certificate request for the domain containing the CAA Resource > Record. > If this is correct, please separate these two requirements. If it is not > correct, please explain the text. Can you post an update next week? If not, would it help to add another author to do so? I would like to move this forward to the IESG soon. Please respond by early next week. Thank you. -- Senior Architect, Akamai Technologies Member, OpenSSL Dev Team IM: [email protected] Twitter: RichSalz _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
