Re: [Spasm] CAA erratum 4515

Phillip Hallam-Baker <phill@hallambaker.com> Sun, 12 March 2017 18:43 UTC

To: Jacob Hoffman-Andrews <jsha@eff.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/u0TcYqFYIBVULEayVD4oI9waZt4>
Cc: Patrick Donahue <pat@cloudflare.com>, Gervase Markham <gerv@mozilla.org>, Phillip Hallam-Baker <philliph@comodo.com>, Ryan Sleevi <ryan-ietf@sleevi.com>, Peter Bowen <pzb@amzn.com>, SPASM <spasm@ietf.org>, Rob Stradling <rob.stradling@comodo.com>

If people want an escape hole 'anyone can issue' in CAA, I would rather do
it by defining generic domains:

ev.cabforum.org
dv.cabforum.org

That avoids the need to define new tags or update processing code. They are
simply domains that any WebTrust or ETSI audited CA issuing to those
requirements can issue.
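
The following sketch is an added example, not part of the original message or of any CA's code. It shows how a CA-side check of the CAA `issue` property would handle the proposed generic domains with the matching logic unchanged. The CA names (`ca.example`, `other-ca.example`), the sample records and the helper names are constructed for illustration, and treating an RRset with no `issue` property as unrestricted is an assumption of this example.

```python
# Added illustration: the generic names come from the proposal in the message
# above; they are not deployed CAA identifiers.
GENERIC = {"dv": "dv.cabforum.org", "ev": "ev.cabforum.org"}

def issuer_domain(value):
    """Issuer domain name from an issue property value, parameters dropped."""
    return value.split(";", 1)[0].strip().lower().rstrip(".")

def recognized_names(own_domain, audited_profiles):
    """Names a CA answers to: its own identifier plus the generic domain for
    each requirement set it is audited against (hypothetical helper)."""
    return {own_domain} | {GENERIC[p] for p in audited_profiles}

def may_issue(rrset, recognized):
    """rrset: (flags, tag, value) CAA records from the relevant RRset.
    The comparison is the ordinary one; only 'recognized' differs per CA."""
    values = [v for _, tag, v in rrset if tag.lower() == "issue"]
    if not values:
        return True  # assumption: no issue property means no restriction
    return any(issuer_domain(v) in recognized for v in values)

# Constructed sample RRsets.
PINNED = [(0, "issue", "ca.example; account=123")]
ANY_DV = [(0, "issue", "dv.cabforum.org")]
NOBODY = [(0, "issue", ";")]

# Constructed CAs: both issue DV, only the second is also audited for EV.
CA_A = recognized_names("ca.example", ["dv"])
CA_B = recognized_names("other-ca.example", ["dv", "ev"])
EV_ONLY = recognized_names("ev-ca.example", ["ev"])

if __name__ == "__main__":
    for name, rrset in [("pinned", PINNED), ("any-dv", ANY_DV), ("nobody", NOBODY)]:
        print(name, may_issue(rrset, CA_A), may_issue(rrset, CA_B))
```
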