On Sep 1, 2016, at 3:19 AM, Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:
On Thu, Sep 01, 2016 at 11:36:57AM +1000, Matt Palmer <mpalmer@hezmatt.org> wrote a message of 45 lines which said:
I'd be surprised if most business continuity people could even name their cert provider,
And they're right because it would be a useless information: without DANE, *any* CA can issue a certificate for *your* domain, whether you are a client or not.
It's relevant for a different reason; CA health needs to be monitored, and multiple CAs can (should) be used in case CA A's recognition gets pulled or a catastrophe happens. Having certs from CA B then gets you going either immediately (if you actively use both) or rapidly (if you need to replace certs on web / services front end). Getting new ones from CA B in a hurry can be a major deal. Sent from my iPhone