V1.00.128.2025.06.03

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-03 19:47:44 +02:00
parent cc37122276
commit 5ba1fa34ff
+6 -6
@@ -137,8 +137,8 @@
<section> <section>
<name>CATALOG approach</name> <name>CATALOG approach</name>
<t>Currently, there is no standardized, discoverable mechanism in DNS for a domain owner to declare, which <t>Currently, there is no standardized, discoverable mechanism in DNS for a domain owner to declare, which
Certificate Transparency (CT) Logs must or may record its Certificates. Certificate Transparency (CT) Logs must or may record its Certificates. As a result, CAs rely on
As a result, CAs rely on out-of-band configurations or hard-coded lists, out-of-band configurations or hard-coded lists,
increasing operational complexity and expanding the attack surface. increasing operational complexity and expanding the attack surface.
</t> </t>
<section> <section>
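Review bot: In the first <t> of "CATALOG approach", the rewrapped sentence keeps the stray comma in "for a domain owner to declare, which Certificate Transparency (CT) Logs must or may record", and a wording pass over this paragraph is the place to drop it. Only the line break before "As a result, CAs rely on" moves here, and the new layout leaves one overlong line followed by the short "out-of-band configurations or hard-coded lists," line; wrapping the whole paragraph evenly would keep later diffs of this text smaller.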
@@ -1247,10 +1247,10 @@ https://caa-ct-sts.<domain>.<tld>/.well-known/caa-ct-sts.txt
</t> </t>
</section> </section>
<section anchor="redundancy"> <section anchor="redundancy">
<name>Policy Redundancy Considerations |𝑪| ≥ 𝑛 + 1 ∧ |𝑾| ≤ 2</name> <name>Policy Redundancy Considerations</name>
<t>Let 𝐶 be the number of critical CT-Logs and 𝑊 be the number of whitelisted (non-critical) CT-Logs, <t>Let c be the number of critical CT-Logs and w be the number of whitelisted (non-critical) CT-Logs,
then the following expression is strongly <strong>RECOMMENDED</strong>: then the following expression is strongly <strong>RECOMMENDED</strong>:
|𝑪| ≥ 𝑛 + 1 ∧ |𝑾| ≤ 2 |c| ≥ n + 1 ∧ |w| ≤ 2
</t> </t>
<t>While the "critical=true" flag in the CAA <strong>"issuect"</strong> Parameter enforces that every <t>While the "critical=true" flag in the CAA <strong>"issuect"</strong> Parameter enforces that every
Certificate issuance must be logged to all specified CT-Logs, this strict requirement can introduce Certificate issuance must be logged to all specified CT-Logs, this strict requirement can introduce
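Review bot: In the "redundancy" section the new text defines c and w as numbers ("Let c be the number of critical CT-Logs") but the expression still writes |c| and |w|, which reads as a set cardinality or an absolute value, and n is not defined anywhere in the lines shown. Either state the recommendation as c ≥ n + 1 ∧ w ≤ 2, or define the sets of critical and whitelisted logs and keep the bars. In both cases say what n counts right next to the expression, since operators will size their critical log list from this rule.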
@@ -2061,7 +2061,7 @@ echo "${JSON}" | awk -v OWN="${OWN_DOMAIN}" -v CA="${CAA_DOMAIN}" -v CRIT="${CRI
improved the technical clarity and robustness of this draft. Their objective and insightful feedback has been improved the technical clarity and robustness of this draft. Their objective and insightful feedback has been
invaluable in refining the specification. invaluable in refining the specification.
</t> </t>
<contact fullname="André Horst Zimnol" initials="A. H." <contact fullname="Andre Horst Zimnol" initials="A. H."
surname="Zimnol"> surname="Zimnol">
<organization>Private Contributor</organization> <organization>Private Contributor</organization>
<address> <address>
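Review bot: The fullname attribute of this <contact> loses its diacritic ("André" becomes "Andre") and the commit message gives no reason, while the document does not otherwise restrict itself to ASCII (the redundancy section still uses ≥ and ∧). If the contributor prefers the ASCII spelling, record that in the commit message. If the goal is an ASCII fallback for rendering, keep fullname="André Horst Zimnol" and put the ASCII form in asciiFullname instead of overwriting the name.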