> Hugo, the CAA document is in WGLC. Russ raised the following issue on some > text in section 2: > > . . . A CA MUST only consider a property with an "account-uri" > parameter to authorize issuance where the URI specified is an URI > that the CA recognises as identifying the account making a > certificate issuance request. > > > This is not a [crisp] MUST statement. I think it is trying to say two > > things when the "account-uri" is present: > > > (1) the CA MUST NOT issue a certificate containing the domain name that > > contains the CAA Resource Record if it does not recognize the account > > referenced by the URI. > > > (2) the CA MUST use the account referenced by the URI in the authorization > > process for a certificate request for the domain containing the CAA > > Resource Record. > > > If this is correct, please separate these two requirements. If it is not > > correct, please explain the text. > > Can you post an update next week? If not, would it help to add another > author to do so? I would like to move this forward to the IESG soon. Please > respond by early next week.
I don't understand this issue. The wording is clear. _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
