SSLMate / caa_helper

Generate a CAA policy
https://sslmate.com/caa/
Mozilla Public License 2.0

Why not set the "Issuer Critical" flag? #23

Closed by leonklingele 7 years ago

leonklingele commented 7 years ago

Per https://tools.ietf.org/html/rfc6844#section-3, the Issuer Critical flag can be set to require the issuer to understand the CAA record. Any reason you don't set it with this tool?

AGWA commented 7 years ago

There's no point in setting the critical flag on issue and issuewild since these properties are defined in RFC6844 and are therefore not "unknown." To avoid any doubt, starting in September, the Baseline Requirements will explicitly require CAs to support issue and issuewild. Meanwhile, there is a lot of confusion around the critical flag (most notably, people thinking the value is 1 instead of 128) so I would like to avoid setting it unless actually necessary.
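
Added example, not part of the original thread or of caa_helper: a small parser for wire-format CAA RDATA that applies the RFC 6844 Issuer Critical rule, showing that the flag is the most significant bit of the flags byte (128, not 1) and that it only matters on properties the CA does not recognise. The tag `futureprop`, the name `ca.example` and the helper names are constructed for illustration.

```python
from dataclasses import dataclass

ISSUER_CRITICAL = 0x80  # RFC 6844 "bit 0" is the most significant bit: 128
KNOWN_TAGS = {"issue", "issuewild", "iodef"}  # properties defined in RFC 6844


@dataclass
class CAA:
    flags: int
    tag: str
    value: str

    @property
    def critical(self) -> bool:
        return bool(self.flags & ISSUER_CRITICAL)


def parse_caa_rdata(rdata: bytes) -> CAA:
    """Parse CAA RDATA: flags (1 byte), tag length (1 byte), tag, value."""
    if len(rdata) < 2:
        raise ValueError("CAA RDATA too short")
    flags, tag_len = rdata[0], rdata[1]
    if tag_len == 0 or len(rdata) < 2 + tag_len:
        raise ValueError("bad CAA tag length")
    tag = rdata[2:2 + tag_len].decode("ascii").lower()  # tags match case-insensitively
    value = rdata[2 + tag_len:].decode("ascii")
    return CAA(flags, tag, value)


def blocks_issuance(rrset, known_tags=KNOWN_TAGS) -> bool:
    """A CA must refuse if any property it does not understand is critical."""
    return any(r.critical and r.tag not in known_tags for r in rrset)


def build(flags: int, tag: str, value: str) -> bytes:
    """Construct sample RDATA (test helper, constructed input only)."""
    return bytes([flags, len(tag)]) + tag.encode("ascii") + value.encode("ascii")


if __name__ == "__main__":
    samples = [
        build(0, "issue", "ca.example"),      # what the generator emits
        build(128, "issue", "ca.example"),    # critical on a known tag: no effect
        build(1, "futureprop", "x"),          # common mistake: 1 is not critical
        build(128, "futureprop", "x"),        # truly critical unknown property
    ]
    for raw in samples:
        rec = parse_caa_rdata(raw)
        print(rec, "critical:", rec.critical, "blocks:", blocks_issuance([rec]))
```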