- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Mon, 18 May 2015 19:57:19 +0100
- To: noloader@gmail.com, ryan-w3-web-security@sleevi.com
- CC: "public-web-security@w3.org" <public-web-security@w3.org>, Rigo Wenning <rigo@w3.org>
On 18/05/15 19:45, Jeffrey Walton wrote: >> >So again, no, that's what not CAA is for. (Though this group isn't the >> >best place to explain CAA or how it should work, it was enough to qualify >> >precisely why CAA has no relevance of bearing for clients, lest someone >> >think it does) > Thanks. FWIW, I concur with Ryan that CAA is not designed to be used by relying parties (clients). And as it happens we didn't specifically cover CAA (or even mention it) in the strews report - the IETF bits of that aren't intended to be comprehensive but more to indicate the kinds of things being worked on in the IETF that affect web security. (The report is already too long already:-) The point you make that we didn't really address the registrar information (WHOIS etc) is reasonable though, if we were going to modify it, (not sure if we will) I'd add some text on that (and also on the privacy issues that are related). Cheers, S.
Received on Monday, 18 May 2015 18:58:04 UTC