[cabfpub] SRV Ballot
Jeremy Rowley
jeremy.rowley at digicert.com
Tue Jun 14 21:48:19 UTC 2016
Pretty sure you're losing the formatting. Wildcard FQDN had a strikethrough.
There's precedent for modifying (or at least overloading) 5280 so it's not
in the realm of impossibility to include a modification or revision to the
standard.
-----Original Message-----
From: Kurt Roeckx [mailto:kurt at roeckx.be]
Sent: Tuesday, June 14, 2016 3:44 PM
To: Jeremy Rowley <jeremy.rowley at digicert.com>
Cc: public at cabforum.org
Subject: Re: [cabfpub] SRV Ballot
On Fri, Jun 10, 2016 at 05:28:04PM +0000, Jeremy Rowley wrote:
>
> c) For an IP address entry, the CA MUST verify the entry in
accordance
> with Section 3.2.2.5 or has been granted the right to use it by the
> Domain Name Registrant or IP address assignee, as appropriate.
> Wildcard FQDNs are permitted.
An IP address that has a "Wildcard FQDN"? This isn't making much sense.
> As exceptions to RFC5280 and X.509, dNSName entries MAY contain
> Wildcard Domain Names, and FQDNs and Wildcard Domain Names MAY contain
> the underscore character ("_") in any location where the hyphen character
("-") is allowed.
I would really suggest that instead of adding exceptions to a standards that
you instead fix the standards, if needed. As someone who implements the
standards, I can be strict in implementing what it says that's allowed, and
the BRs are not going to override that.
Kurt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4964 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160614/9c4f1595/attachment-0001.p7s>
More information about the Public
mailing list