[cabfpub] Ballot 92 - Unicode provisions

Hill, Brad bhill at paypal-inc.com
Thu Oct 25 12:20:36 MST 2012

The Unicode provisions reference Unicode Technical Report #36 and Unicode Technical Standard #39, which explain the reasoning and algorithms behind them in extraordinary detail.  These reports are linked in the text of the ballot, but here they are again:


As I said, I will also be donating reference code for the Java ICU library to implement these standards.

The IDNA RFC requirements are also referenced in the ballot, and there are a number of public implementations of such.

Nothing in the proposed language *forces* CAs to issue certificates with Internationalized Domain Names.  It is very simple to write the logic to allow only allow issuance of ASCII Domain Names and avoid dealing with Unicode entirely.

If a given CA genuinely feels they do not have sufficient technical expertise to understand and implement established and carefully explained security guidance and standards from the Unicode Consortium and the IETF for IDNs, I would recommend the proper course of action is for them to refrain from issuing certificate for IDNs entirely.  It would be irresponsible to do otherwise, would it not?

If a CA does want to do business in this segment of the marketplace, they should be able to demonstrate that they are capable of verifying subject strings appropriately and excluding forbidden ones.

-Brad Hill

From: management-bounces at cabforum.org [mailto:management-bounces at cabforum.org] On Behalf Of kirk_hall at trendmicro.com
Sent: Thursday, October 25, 2012 11:27 AM
To: ben at digicert.com; management at cabforum.org
Subject: [cabfman] Ballot 92

Ben, as Mads pointed out on the teleconference today, the period for discussion on Ballot 92 has ended, and the period for voting has started.

The ballot contains various controversial provisions, including the prohibition of DV SANS certs, and there are unanswered questions around the Unicode provisions.  Steve Roylance was not on the call to respond to questions about the ballot language, and the other sponsors were not able to explain all the language.

I think you said Ballot 92 would be withdrawn for now – is that correct?  If it is not withdrawn, we will have to vote no.

Kirk R. Hall
Operations Director, Trust Services
Trend Micro


The information contained in this email and any attachments is confidential

and may be subject to copyright or other intellectual property protection.

If you are not the intended recipient, you are not authorized to use or

disclose this information, and we request that you notify us by reply mail or

telephone and delete the original message from your mail system.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cabforum.org/pipermail/public/attachments/20121025/b32908bd/attachment.html 

More information about the Public mailing list