On Sun, 22 Nov 2020, Stephane Bortzmeyer wrote:
> IMHO, the CAA algorithm is bad because it crosses administrative
> boundaries. RFC 8659 at least excludes the root but it still allows,
> for instance, AFNIC to put a CAA record in .fr which will apply to all
> .fr domains which do not have an explicit CA
On Sun, Nov 22, 2020 at 10:56:58AM -0500,
John R Levine wrote
a message of 17 lines which said:
> I don't see why, since it only acts as a default. Any registrant
> that cares which CA they use can publish their own CAA.
Yes but many registrants don't know about CAA or did not pay attention