← CABF Ballot Browser
Ballot-219 passed

Ballot 219 – Clarify handling of CAA Record Sets with no “issue”/”issuewild” property tag

Server Certificate Working Group

Key dates

Voting opened
03 Apr 2018 8 years ago
Voting closed
10 Apr 2018 8 years ago
Discussion opened
07 Mar 2018 8 years ago
Discussion closed
03 Apr 2018 8 years ago

AI Summary

Generated 2026-06-23 21:24 UTC

Outcome

  • Ballot 219 passed.
  • The page states that the voting period ended and the ballot passed.
  • Quorum was met with 21 total votes, exceeding the stated quorum requirement of 11.
  • The approval thresholds required by Bylaw 2.2(f) were met for both CAs and browsers.
  • The requirement that at least one CA Member and one browser Member vote in favor was met.

Purpose

  • The ballot addresses ambiguity in RFC 6844 about how to process a non-empty CAA Resource Record Set that lacks an issue property tag, and for wildcard domain names also lacks an issuewild property tag.
  • The ballot states that the intent of the RFC is that such a record set is implicit permission to issue.
  • The proposed change allows CAA processing consistent with that stated intent.

Changes to the Baseline Requirements

  • The ballot modifies the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates based on version 1.5.6.
  • In section 3.2.2.8, it adds that CAs may treat a non-empty CAA Resource Record Set with no issue property tags, and for wildcard processing no issuewild property tags, as permission to issue, provided no records in the set otherwise prohibit issuance.
  • It also adds language requiring CAs to process the issue, issuewild, and iodef property tags as specified in RFC 6844.
  • CAs are not required to act on the contents of the iodef property tag.
  • Additional property tags may be supported, but they must not conflict with or supersede the mandatory property tags in the document.
  • CAs must respect the critical flag and must not issue a certificate if they encounter an unrecognized property with that flag set.

Voting details

  • CA votes: 18 yes, 0 no, 0 abstain.
  • Browser votes: 3 yes, 0 no, 0 abstain.
  • The page reports 100% of voting CAs voted in favor and 100% of voting browsers voted in favor.

Process dates

  • Discussion started on 2018-03-07 at 19:00:00 UTC.
  • Discussion ended on 2018-04-03 at 19:00:00 UTC.
  • Voting started on 2018-04-03 at 19:00:00 UTC.
  • Voting ended on 2018-04-10 at 19:00:00 UTC.

Effective date

  • The supplied evidence states the ballot passed and describes the text changes, but it does not provide a separate compliance or effective date for the requirement changes.
Model: gpt-5.4 Revised: 2026-06-23 21:24 UTC Confidence: 0.95 Result: passed
Voting opened
2018-04-03
Voting closed
2018-04-10
Discussion opened
2018-03-07
Discussion closed
2018-04-03

AI-generated from the CABF ballot page. The official CABF article remains the authoritative source.

Proposers

Corey Bonnell of Trustwave and endorsed by Tim Hollebeek of Digicert and Mads Egil Henriksveen of Buypass.

Excerpt

SearchHome » All CA/Browser Forum Posts » Ballot 219 – Clarify handling of CAA Record Sets with no “issue”/”issuewild” property tagBallot 219 – Clarify handling of CAA Record Sets with no “issue”/”issuewild” property tagThe voting period for Ballot 219 has ended and the ballot has passed. Here are the results.

View on cabforum.org → Last fetched 16 hours ago

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action