W3C home > Mailing lists > Public > public-web-security@w3.org > May 2015

Re: [W3C Web Security IG] Strews report - phase 2

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Mon, 18 May 2015 19:57:19 +0100
Message-ID: <555A360F.4080200@cs.tcd.ie>
To: noloader@gmail.com, ryan-w3-web-security@sleevi.com
CC: "public-web-security@w3.org" <public-web-security@w3.org>, Rigo Wenning <rigo@w3.org>


On 18/05/15 19:45, Jeffrey Walton wrote:
>> >So again, no, that's what not CAA is for. (Though this group isn't the
>> >best place to explain CAA or how it should work, it was enough to qualify
>> >precisely why CAA has no relevance of bearing for clients, lest someone
>> >think it does)
> Thanks.
FWIW, I concur with Ryan that CAA is not designed to be used
by relying parties (clients). And as it happens we didn't specifically
cover CAA (or even mention it) in the strews report - the IETF
bits of that aren't intended to be comprehensive but more to
indicate the kinds of things being worked on in the IETF that
affect web security. (The report is already too long already:-)

The point you make that we didn't really address the registrar
information (WHOIS etc) is reasonable though, if we were
going to modify it, (not sure if we will) I'd add some text on
that (and also on the privacy issues that are related).

Cheers,
S.
Received on Monday, 18 May 2015 18:58:04 UTC

This archive was generated by hypermail 2.3.1 : Monday, 18 May 2015 18:58:04 UTC