<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Hello,<br>
<br>
On 04/02/2015 22:19, Jeremy Rowley wrote:<br>
[...]<br>
<br>
</div>
<blockquote
cite="mid:445290cba41444119f8c958eebbcc76a@EX2.corp.digicert.com"
type="cite">
<div class="WordSection1">
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">Amend
the Guidelines for the Issuance and Management of Extended
Validation Certificates v1.5.2 as follows: <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">Amend
Section 9.2.2 and 11.7.1 as follows:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">9.2.2.
Subject Alternative Name Extension Certificate field:
subjectAltName:dNSName<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">Required/Optional:
Required<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">Contents:
This extension MUST contain one or more host Domain
Name(s) owned or controlled by the Subject and to be
associated with the Subject’s server. Such server MAY be
owned and operated by the Subject or another entity (e.g.,
a hosting service). Wildcard certificates are not allowed
for EV Certificates<u> except as permitted under Appendix
F</u>.<o:p></o:p></span></p>
</div>
</div>
</blockquote>
<br>
So an EV certificate can't be a wildcard one, except under some new
conditions, applicable only to .onion names. Not a small change.<br>
<p class="MsoNormal"><br>
[...]<o:p></o:p><br>
</p>
<blockquote
cite="mid:445290cba41444119f8c958eebbcc76a@EX2.corp.digicert.com"
type="cite">
<div class="WordSection1"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"></span>
<div>&nbsp;</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">Add
a new Appendix F:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">Appendix
F – Issuance of Certificates for .onion Domain Names <o:p></o:p></span></p>
</div>
</div>
</blockquote>
<div class="WordSection1">
<div><br>
[...]</div>
</div>
<br>
<blockquote
cite="mid:445290cba41444119f8c958eebbcc76a@EX2.corp.digicert.com"
type="cite">
<div class="WordSection1"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p></o:p></span>
<div>&nbsp;</div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">4.
Each Certificate that includes a Domain Name where .onion
is in the right-most label of the Domain Name MUST conform
to the requirements of these Guidelines, including the
content requirements in Section 9 and Appendix B of the
Baseline Requirements, except that the CA MAY include a
wildcard character in the Subject Alternative Name
Extension and Subject Common Name Field as the <span
style="color:#1F497D">right-</span>most character in the
.onion Domain Name provided inclusion of the wildcard
character complies with Section 11.1.3 of the Baseline
Requirements.<o:p></o:p></span></p>
</div>
</div>
</blockquote>
<br>
What does that mean?<br>
Is &lt;prefix&gt;*.onion accepted?<br>
Is *.onion accepted?<br>
<br>
<pre class="moz-signature" cols="72">--
Erwann ABALEA
</pre>
<br>
</body>
</html>