[Servercert-wg] Ballot SC27: Version 3 Onion Certificates

Tobias S. Josefowitz tobij at opera.com
Mon Jan 27 08:19:15 MST 2020


On Fri, 24 Jan 2020, Wayne Thayer via Servercert-wg wrote:

> This ballot will permit CAs to issue DV and OV certificates containing Tor
> onion addresses using the newer version 3 naming format.
> https://github.com/cabforum/documents/compare/16a5a9bb78a193266f8d1465de1ee5a1acf5d184..fded04ad7f0390931d38af225bea46a4742fb631

Just a thought; is requiring all FQDNs present in the cert to be verified 
in accordance with Appendix 3 as soon as one FQDN present in the cert is a 
".onion"-FQDN the best and/or most clear way of saying "a certificate 
including so much as one '.onion'-FQDN may only include '.onion'-FQDNs"?


More information about the Servercert-wg mailing list