1 Jun 2011 20:28
Re: Proposing CAA as PKIX Working Group Item
Stephen Kent <kent <at> bbn.com>
2011-06-01 18:28:36 GMT
Folks,

The CAA proposal proposes ways in which a CA can behave to reduce the likelihood of mis-issuing certs. It calls for the domain name holder to publish a DNS record with info about the set of CAs that the DNS name holder views as authorized to issue certs for that domain.

Since PKIX regularly develops standards that provide guidance re CA operation (to some extent) CAA seems to be appropriate for consideration as a PKIX work item. (I am less confident about the discussion of RP behavior, for some of the reasons cited in discussion on the PKIX list over the last few days).

This proposal is currently targeted as Experimental, which seems appropriate. My one caveat to PHB is that IF CAA becomes a work item, the final form of the doc will be subject to the usual WG consensus procedures. I have discussed this with Stefan and he concurs.

With that said, if PHB wants PKIX to adopt this work, the co-chairs are amenable.

Steve

_______________________________________________
pkix mailing list
pkix <at> ietf.org
https://www.ietf.org/mailman/listinfo/pkix