7Nis
Precedence of CAA domain climbing
Some CA ('myca') gets a CSR only containing s1.s2.domain.com. The CAA entries are
s2.domain.com issue ';'domain.com issue 'myca'
No other entries exist. Are we allowed to issue? Reading section 4 in https://www.rfc-editor.org/rfc/rfc6844#section-4, I think 1. should take precedence, so 'myca' is not allowed to issue. Is that correct?
