Re: [lamps] CAA tags

Tim Hollebeek <tim.hollebeek@digicert.com> Tue, 19 December 2017 14:50 UTC

From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: Ryan Sleevi <ryan-ietf@sleevi.com>
CC: Jacob Hoffman-Andrews <jsha@eff.org>, "spasm@ietf.org" <spasm@ietf.org>
Thread-Topic: [lamps] CAA tags
Thread-Index: AdN4J3TZ60fppeKgRNaOHREkYP39nwArdI8AAAC/MGA=
Date: Tue, 19 Dec 2017 14:50:44 +0000
Message-ID: <DM5PR14MB12894853413B1055CEF6FA74830F0@DM5PR14MB1289.namprd14.prod.outlook.com>
References: <DM5PR14MB1289FA2B76543ABAF16FD0EF830E0@DM5PR14MB1289.namprd14.prod.outlook.com> <CAErg=HEL93NpPjEZnAFQD3Epk5dHW41qmXJGOPA_7wvKvmsGJA@mail.gmail.com>
In-Reply-To: <CAErg=HEL93NpPjEZnAFQD3Epk5dHW41qmXJGOPA_7wvKvmsGJA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
received-spf: None (protection.outlook.com: digicert.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="2.16.840.1.101.3.4.2.1"; boundary="----=_NextPart_000_05C8_01D3789E.0F00E880"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: fa70d60b-a14b-4b5b-bc5c-08d546efe21d
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Dec 2017 14:50:44.6270 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf813fa1-bde5-4e75-9479-f6aaa8b1f284
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR14MB1290
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/eke7V1_HGK7nxUKH-tP-hhZVKTE>
Subject: Re: [lamps] CAA tags
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Dec 2017 14:50:49 -0000

As I noted in the preface to my initial email in this thread [1], one other person has pointed out the same thing to me.  I noted that not only is this an option, but it solves two problems with the original proposal, so I’m personally leaning towards it.  We’ll see what other CAs think.

 

That is, why is the set of policy not

 

CAA issue 0 "example.com <http://example.com> "

CAA issue 0 "example.net <http://example.net> "

CAA validation 128 "type=EV method=1,2,3,4"

 

On Mon, Dec 18, 2017 at 12:41 PM, Tim Hollebeek <tim.hollebeek@digicert.com <mailto:tim.hollebeek@digicert.com> > wrote:

Note that it has been privately pointed out to me that one possible solution to the criticality problem and the scaling problem is to use top-level tags that are independent of the issue records:

CAA 0 issue “a.example.com <http://a.example.com> ”

CAA 0 issue “b.example.com <http://b.example.com> ”

CAA 128 validation “Phone”

Attachment: smime.p7s

[lamps] CAA tags Tim Hollebeek
Re: [lamps] CAA tags Jacob Hoffman-Andrews
Re: [lamps] CAA tags Tim Hollebeek
Re: [lamps] CAA tags Ryan Sleevi
Re: [lamps] CAA tags Tim Hollebeek
Re: [lamps] CAA tags Rob Stradling
Re: [lamps] CAA tags Phillip Hallam-Baker
Re: [lamps] CAA tags Stephen Farrell
Re: [lamps] CAA tags Ryan Sleevi
Re: [lamps] CAA tags Tim Hollebeek
Re: [lamps] CAA tags Tim Hollebeek
Re: [lamps] CAA tags Stephen Farrell
Re: [lamps] CAA tags Tim Hollebeek
Re: [lamps] CAA tags Ryan Sleevi
Re: [lamps] CAA tags Tim Hollebeek

Re: [lamps] CAA tags

Attachment: smime.p7s