[Servercert-wg] Ballot SC27: Version 3 Onion Certificates
Tobias S. Josefowitz
tobij at opera.com
Tue Jan 28 01:27:14 MST 2020
On Mon, 27 Jan 2020, Wayne Thayer wrote:
> Thank you Tobias, that is a great point. My intent was not to require a
> cert containing an onion name to contain only onion names. Does the
> following change (in all caps) to section 22.214.171.124 fix that?
> The CA SHALL confirm that prior to issuance, the CA has validated each
> Fully-Qualified Domain Name (FQDN), other than a Domain Name with .onion in
> the right-most label of the Domain Name, listed in the Certificate using at
> least one of the methods listed below. In addition, when issuing a
> Certificate that includes an FQDN with "onion" as the rightmost label, the
> CA SHALL confirm that prior to issuance, the CA has validated each FQDN
> listed in the Certificate with "onion" as the rightmost label in accordance
> with Appendix C.
I think that works, however
s/\.onion/"onion"/ for consistency.
More information about the Servercert-wg