[cabfpub] Naming rules

Peter Bowen pzb at amzn.com
Sat Mar 25 20:20:28 UTC 2017


> On Mar 25, 2017, at 12:53 PM, Ryan Sleevi <sleevi at google.com> wrote:
> 
> On Sat, Mar 25, 2017 at 3:38 PM, Peter Bowen <pzb at amzn.com> wrote:
> Who cares if there are collisions in cert subjects?  We already have that possibility and this doesn’t really change that.
> 
> Can you provide an example using the current validation requirements? I would think that the need for names to be meaningful and the validation procedures would exist to disambiguate these names by using a unique (for purpose) construction.

We allow individual names in certificates. There is zero requirement that only one person with a unique name live in the same city. Growing up we used to routinely get calls for someone who had the same name as my father who lived all of three blocks from us.

Additionally, looking at https://arcc.sdcounty.ca.gov/pages/fbn-info.aspx it explicitly says:

"All prospective registrants are cautioned that REGISTRATION OF A FICTITIOUS NAME DOES NOT GUARANTEE EXCLUSIVE USE OF THAT NAME."

> Would it help if we moved the Subject Identified requirements to an overlay guideline such that the BRs only covered Internet-scope validation (e.g. just dNSName, ipAddress, SRVName, and maybe rfc822Address)?
> 
> And commonName

OK.  If the BRs only covered GeneralNames in the SubjectAlternativeName extension of types dNSName, ipAddress, rfc822Address and otherName (of type SRVName) and Subject Attributes of type commonName, would that help?