[cabfpub] RFC5280-related Ballot - For Discussion

Peter Bowen pzb at amzn.com
Tue Apr 11 16:22:48 UTC 2017


I agree.  There seems to be quite a bit of opposition on the PKIX list to extending the length.  It was reasonably pointed out that things that process ASN.1 according to the schema will break.

However I would point out that this also rolls the other way — adding underscore should be safe, as the ASN.1 schema already allows this.

> On Apr 10, 2017, at 12:33 PM, Ryan Sleevi via Public <public at cabforum.org> wrote:
> 
> That's an interesting take. I read the same discussions and took quite the opposite conclusion.
> 
> On Mon, Apr 10, 2017 at 3:23 PM, Ben Wilson via Public <public at cabforum.org> wrote:
> All,
> 
> I’ve posted the proposal to the PKIX list and haven’t heard sufficient opposition on that list, IMHO, that would merit holding up this proposed revision to the Baseline Requirements.  I need two endorsers for a ballot.
> 
> Thanks,
> 
> Ben
> 
> From: Ryan Sleevi [mailto:sleevi at google.com]
> Sent: Monday, April 3, 2017 9:59 AM
> To: CA/Browser Forum Public Discussion List <public at cabforum.org>
> Cc: Ben Wilson <ben.wilson at digicert.com>
> Subject: Re: [cabfpub] RFC5280-related Ballot - For Discussion
> 
> For those who want to understand why the IETF rejected this change, the thread begins at
> 
> https://mailarchive.ietf.org/arch/msg/pkix/MJwKL1lqRDuEAhqQ1Ydb5eWBSIs/?qid=ace7ed4844045716922706d6a80b0747
> 
> You can also see https://datatracker.ietf.org/liaison/376/ and the discussion at https://www.ietf.org/mail-archive/web/pkix/current/msg02361.html
> 
> This was reviewed prior to the production of 5280 - that is, it was known at the time 5280 was produced, and was decided not to adopt - see https://www.ietf.org/mail-archive/web/pkix/current/msg02357.html and https://www.ietf.org/mail-archive/web/pkix/current/msg02336.html
> 
> On Mon, Apr 3, 2017 at 11:22 AM, Ben Wilson via Public <public at cabforum.org> wrote:
> 
> Here is a redlined version of sections 7.1.4.2.1 and 7.1.4.2.2 of the Baseline Requirements which proposes amendments to the way the Baseline Requirements handle the maximum length for subjectAltName, commonName and organizationName and also clarifies the use of the underscore character.
> 
> Ben Wilson, JD, CISA, CISSP
> VP Compliance
> +1 801 701 9678
> 
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public