Reviewer: Hilarie Orman
Review result: Has Nits
Do not be alarmed. I generated this review of this document as part
of the security directorate's ongoing effort to review all IETF
documents being processed by the IESG. These comments were written
with the intent of improving security requirement
> 1. How do I cite the CABFORUM WebPKI set of anchors?
> Does it have a clear name? (Because it's not identical on all
> platforms/browsers/libraries).
I am pretty sure that there isn't one. Instead, each trust store operator
(e.g., browser vendor) is supposed to interpret the CA/B guidelines an
> 2. An attack where CA B (mistakenly) issues a certificate for corp.example,
> when it should have been CA A is called... ???
> I know it as Comodo-Gate.
(Your question almost identified an answer 😉 )
CAA (RFC 6844, obsoleted by RFC 8659), which was one good thing that came out of
the Comodo-gate