Re: [lamps] Next steps on CAA

"John R Levine" <johnl@taugh.com> Fri, 06 October 2017 22:25 UTC

Date: Fri, 06 Oct 2017 18:25:39 -0400
Message-ID: <alpine.OSX.2.21.1710061822300.33785@ary.qy>
From: John R Levine <johnl@taugh.com>
To: Jacob Hoffman-Andrews <jsha@eff.org>
Cc: SPASM <spasm@ietf.org>
In-Reply-To: <61e71386-fb35-0c00-e473-03f2a100c32c@eff.org>
References: <CACh0qC+jRjPMsf7YmDqoKZ0X1zWE2p=fUAo5uN3bZwwzBRG9Kg@mail.gmail.com> <alpine.OSX.2.21.1710061656080.33175@ary.qy> <7b98f765-4fea-5b71-e860-e46c11d6617e@eff.org> <alpine.OSX.2.21.1710061748500.33785@ary.qy> <61e71386-fb35-0c00-e473-03f2a100c32c@eff.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/pb1v8fyB71OQrtesfQbphVddmsQ>

>> mydom.example.  CAA issue "nope"   ; no web server here
>> www.mydom.example. CNAME somehost.example. ; web server here
>>
>> Where does the CAA go?
> Three options:
>
>  - Remove the record on mydom.example

I don't want a web server at all at that name.  No dice.

>  - Adjust the record for mydom.example to allow issuance by preferred CAs

I still don't want a web server at that name.  No dice.

>  - Ask the maintainer of somehost.example to install an appropriate CAA
> record

If you'll review the message two or three back in this thread, you'll 
note that there are cases where somehost.example has 400,000 names CNAMEd 
to it.  No dice.

Waving this problem away is not helpful.

R's,
John
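The lookup this exchange is arguing about, as an added example that is not part of the original message or its thread: a Python simulation of the RFC 6844 section 4 "relevant CAA record set" algorithm (CAA(X), then the alias target A(X), then tree-climbing to P(X)) run over a constructed zone built from the two quoted records. The zone contents, the issuer domain `ca.example`, the second customer name `shop.other.example` and the `compare_options` helper are all assumptions made for the example; the quoted thread supplies only `mydom.example`, `www.mydom.example` and `somehost.example`.

```python
"""RFC 6844 section 4 CAA lookup over a constructed zone (added example, not from the thread)."""
import copy

# Constructed zone (assumption for this example): owner name -> record types.
# Names are fully qualified; "example." stands in for a real top-level domain.
ZONE = {
    "mydom.example.":      {"CAA": [(0, "issue", "nope")]},   # no web server here
    "www.mydom.example.":  {"CNAME": "somehost.example."},    # web server here
    "somehost.example.":   {"A": "192.0.2.10"},               # shared host, no CAA of its own
    "shop.other.example.": {"CNAME": "somehost.example."},    # another tenant of the same host
}

MAX_ALIAS_DEPTH = 8   # stop on CNAME loops instead of recursing forever


def caa_rrset(zone, name):
    """CAA(X): the CAA records published at exactly this owner name."""
    return list(zone.get(name, {}).get("CAA", []))


def alias_target(zone, name):
    """A(X): the CNAME target at this owner name, or None if it is not an alias."""
    return zone.get(name, {}).get("CNAME")


def parent(name):
    """P(X): the name one label up."""
    return name.split(".", 1)[1]


def is_top_level(name):
    """'example.' has a single label left, so the climb stops there."""
    return name.count(".") <= 1


def relevant_caa_set(zone, name, depth=0):
    """R(X) as RFC 6844 section 4 defines it:
    1. if CAA(X) is non-empty, R(X) = CAA(X);
    2. else if X is an alias and R(A(X)) is non-empty, R(X) = R(A(X));
    3. else if X is not a top-level domain, R(X) = R(P(X));
    4. else R(X) is empty.
    """
    if depth > MAX_ALIAS_DEPTH:
        return []
    records = caa_rrset(zone, name)
    if records:
        return records
    target = alias_target(zone, name)
    if target is not None:
        via_alias = relevant_caa_set(zone, target, depth + 1)
        if via_alias:
            return via_alias
    if not is_top_level(name):
        return relevant_caa_set(zone, parent(name), depth)
    return []


def issuance_permitted(zone, name, issuer_domain):
    """Non-wildcard issuance check: allowed unless the relevant set carries an
    'issue' property and none of those properties names this issuer."""
    issue_values = [value for _flags, tag, value in relevant_caa_set(zone, name) if tag == "issue"]
    if not issue_values:
        return True   # empty set, or no restricting property: CA is not restricted
    allowed = {value.split(";", 1)[0].strip().lower() for value in issue_values}
    return issuer_domain.lower() in allowed


def compare_options(issuer_domain="ca.example"):
    """Evaluate www.mydom.example under the zone as given and under each of the three
    proposals quoted above; the last entry shows what a CAA on the shared host does
    to an unrelated tenant that wants a different CA."""
    removed = copy.deepcopy(ZONE)
    del removed["mydom.example."]["CAA"]
    adjusted = copy.deepcopy(ZONE)
    adjusted["mydom.example."]["CAA"] = [(0, "issue", issuer_domain)]
    at_target = copy.deepcopy(ZONE)
    at_target["somehost.example."]["CAA"] = [(0, "issue", issuer_domain)]
    www = "www.mydom.example."
    return {
        "as given": issuance_permitted(ZONE, www, issuer_domain),
        "remove record on mydom.example": issuance_permitted(removed, www, issuer_domain),
        "adjust mydom.example to allow issuer": issuance_permitted(adjusted, www, issuer_domain),
        "CAA on somehost.example": issuance_permitted(at_target, www, issuer_domain),
        "other tenant, different CA, after CAA on somehost": issuance_permitted(
            at_target, "shop.other.example.", "other-ca.example"),
    }


if __name__ == "__main__":
    for scenario, ok in compare_options().items():
        print(f"{scenario}: {'permitted' if ok else 'refused'}")
```

As given, step 2 finds nothing at `somehost.example` (nor above it), so step 3 climbs from `www.mydom.example` to `mydom.example` and returns `issue "nope"`, which refuses every CA. Each of the three quoted options makes the lookup succeed, but the third does so by changing R(X) for every name that is CNAMEd to the shared host, which is the side effect the reply objects to. The later RFC 8659, which obsoleted RFC 6844, dropped the explicit search of the alias target, so a current CA implementation would not run step 2 as written here.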