[Last-Call] Artart last call review of draft-ietf-lamps-caa-issuemail-04

Reviewer: John Levine
Review result: Ready with Nits

This draft adds a new "issuemail" property to the CAA RRTYPE to manage
S/MIME records. Its tag syntax is identical to the existing "issue"
and "issuewild" properties. Section 3 repeats the entire definition of
the issue property tag syntax rather than saying "The issuemail
Property Tag has the same syntax as the issue Property Tag" but it's
OK as is.

The draft wisely does not attempt to deal with individual email
addresses, since we have yet to invent a method to put them in the DNS
in a way that correctly represents them and scales. 

It's never been clear how one ensures that the requestor for an S/MIME
cert is authorized to ask for a cert for the address, since from the
outside you can't tell anything about the relationship between a
domain and e-mail addresses at that domain. (Consider, for example,
addresses at gmail.com, ietf.org, and fbi.gov.) While this change
doesn't make the authorization issue any worse, it also doesn't
improve it. It'd be worth a sentence in the security section to remind
people that the CAA restrictions have to be used along with some other
way to check whether it is OK for the CA to sign a cert for a specific
address.




-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
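As an added illustration of the check the draft describes (this is example code written for this page; it is not part of John Levine's review, the LAMPS draft, or any CA's implementation): a CA-side decision routine that finds the relevant CAA RRset for the domain part of an address (the RFC 8659 climb toward the root), parses issuemail values with the same issuer-domain-name [; parameter=value ...] syntax as issue, and decides whether a given CA may issue. The zone contents, the record names, and the functions `relevant_caa`, `parse_issuer_value` and `smime_issuance_allowed` are constructed for the example. The semantic rules in the module docstring (issue/issuewild not governing S/MIME, no issuemail property meaning no restriction, a bare ";" forbidding every issuer) are my reading of the draft and are assumptions the review itself does not state.

```python
"""CAA 'issuemail' issuance check (added example; not the draft's or any CA's code).

Assumptions, stated here because the review does not spell them out:
  * issuemail values use the 'issue' syntax of RFC 8659 s4.2:
    issuer-domain-name *WSP [";" *WSP [parameters]]
  * 'issue' and 'issuewild' do not govern S/MIME issuance at all
  * an RRset with no issuemail property places no restriction on S/MIME issuance
  * an issuemail set that names no matching issuer forbids issuance; a bare ";"
    forbids every issuer
"""
import re
from dataclasses import dataclass

CRITICAL = 0x80  # RFC 8659 issuer-critical flag bit
KNOWN_TAGS = {"issue", "issuewild", "iodef", "issuemail"}


@dataclass(frozen=True)
class CAA:
    flags: int
    tag: str
    value: str


# Constructed sample zone data standing in for real DNS answers (not real zones).
ZONE = {
    "example.com": [
        CAA(0, "issue", "webca.example"),
        CAA(0, "issuemail", "mailca.example; accounturi=https://mailca.example/acct/42"),
    ],
    "sub.example.com": [],                                  # exists, but no CAA RRset
    "nocert.example.com": [CAA(0, "issuemail", ";")],       # no CA may issue S/MIME
    "strict.example.com": [
        CAA(CRITICAL, "futuretag", "x"),                    # unknown critical tag
        CAA(0, "issuemail", "mailca.example"),
    ],
}

# issuer-domain-name (may be empty), optional ";" followed by parameters
_VALUE_RE = re.compile(r"^\s*([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*)?\s*(?:;(.*))?$")


def parse_issuer_value(value):
    """Return (issuer_domain or None, {param: value}); None means no CA is permitted."""
    m = _VALUE_RE.match(value)
    if m is None:
        raise ValueError(f"malformed issue/issuemail value: {value!r}")
    issuer = m.group(1).lower() if m.group(1) else None
    params = {}
    for item in (m.group(2) or "").split(";"):
        item = item.strip()
        if not item:
            continue
        name, sep, val = item.partition("=")
        if not sep or not name.strip():
            raise ValueError(f"malformed parameter: {item!r}")
        params[name.strip().lower()] = val.strip()
    return issuer, params


def relevant_caa(domain):
    """RFC 8659 s3: climb toward the root and return the first non-empty CAA RRset."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        rrset = ZONE.get(".".join(labels[i:]), [])
        if rrset:
            return rrset
    return []


def smime_issuance_allowed(email, ca_domain):
    """Decide whether ca_domain may issue an S/MIME cert for `email` under issuemail."""
    _local, at, domain = email.rpartition("@")
    if not at or not domain:
        raise ValueError(f"not an email address: {email!r}")
    rrset = relevant_caa(domain)
    # An unrecognised tag with the critical flag set means the CA MUST NOT issue.
    if any(r.flags & CRITICAL and r.tag.lower() not in KNOWN_TAGS for r in rrset):
        return False
    mail_records = [r for r in rrset if r.tag.lower() == "issuemail"]
    if not mail_records:
        return True  # no issuemail property: S/MIME issuance is unrestricted
    ca = ca_domain.lower()
    for r in mail_records:
        issuer, _params = parse_issuer_value(r.value)
        if issuer == ca:
            return True
    return False


if __name__ == "__main__":
    for addr, ca in [("alice@example.com", "mailca.example"),
                     ("alice@example.com", "webca.example"),
                     ("bob@sub.example.com", "mailca.example"),
                     ("carol@nocert.example.com", "mailca.example")]:
        print(addr, ca, smime_issuance_allowed(addr, ca))
```

Note that a True result here only says the domain owner has not forbidden this CA; it says nothing about whether the requester controls the mailbox, which is the point the review makes about gmail.com-style domains. A real CA would combine this with a separate mailbox-control check before signing.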


