SSLMate / caa_helper

Generate a CAA policy
https://sslmate.com/caa/
Mozilla Public License 2.0

autogenerate-API does not respect intermediate-specific CAA identifiers #78

Open brauckmann opened 6 years ago

brauckmann commented 6 years ago

The autogenerate-feature currently does not respect intermediate-specific CAA identifiers. See also issue #39. It produces CAA RRs which are unusable for the users of intermediate CAs with specific CAA identifiers.

Test case: domain www.dfn.de currently auto-generates a CAA RR

www.dfn.de. CAA 0 issue "telesec.de"

It should generate:

www.dfn.de. CAA 0 issue "pki.dfn.de"

As this is done via the API https://sslmate.com/caa/api/autogenerate/, which does not seem to be part of any public repository, it's not possible to help with a patch.

AGWA commented 6 years ago

This is a known problem. Unfortunately, it won't be easy to fix until Mozilla starts collecting per-intermediate CAA information.