Is it expected from all CAs that they obey CAA records, or is it something just made up by the community to crush the big CAs? I see an RFC from just a few years ago, and I'm not sure how these things are standardised.
On a requirement they voted for half a year ago for a standard specified 5 years ago. It's sloppy and sloppy is not a property you want in a certificate authority.
Three days is quite a long time to be late, so I'd hope someone over there is getting a reprimand, but yeah, it's also not a disaster. They're response and time to remedy this will be more telling I think.
Three days over a weekend, though. Context matters. Even if it's the most critical incident, you can't force employees to work outside of business hours.
That makes no difference as to when the three days where. I never made any claims as to why it's late or them lying. I merely clarified that the three days were over a period where people don't usually work.
Any CA that issues certificates publicly need to check CAA from the 8th of September onward.
[1] https://cabforum.org/2017/03/08/ballot-187-make-caa-checking...