<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Mar 25, 2017, at 12:53 PM, Ryan Sleevi &lt;<a href="mailto:sleevi@google.com" class="">sleevi@google.com</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html; charset=utf-8" class=""><div dir="ltr" class=""><div class="gmail_extra"><div class="gmail_quote">On Sat, Mar 25, 2017 at 3:38 PM, Peter Bowen <span dir="ltr" class="">&lt;<a href="mailto:pzb@amzn.com" target="_blank" class="">pzb@amzn.com</a>&gt;</span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word" class=""><div class="">Who cares if there are collisions in cert subjects? We already have that possibility and this doesn’t really change that.</div></div></blockquote><div class=""><br class=""></div><div class="">Can you provide an example using the current validation requirements? I would think that the need for names to be meaningful and the validation procedures would exist to disambiguate these names by using a unique (for purpose) construction.</div></div></div></div></div></blockquote><div><br class=""></div><div>We allow individual names in certificates. There is zero requirement that only one person with a unique name live in the same city. 
Growing up we used to routinely get calls for someone who had the same name as my father who lived all of three blocks from us.</div><div><br class=""></div><div>Additionally, looking at <a href="https://arcc.sdcounty.ca.gov/pages/fbn-info.aspx" class="">https://arcc.sdcounty.ca.gov/pages/fbn-info.aspx</a> it explicitly says:</div><div><br class=""></div><div>"<span style="color: rgb(68, 68, 68); font-family: magraregular, Arial, serif; font-size: 14px; orphans: 2; widows: 2; background-color: rgb(255, 255, 255);" class="">All prospective registrants are cautioned that REGISTRATION OF A FICTITIOUS NAME DOES NOT GUARANTEE EXCLUSIVE USE OF THAT NAME."</span></div><br class=""><blockquote type="cite" class=""><div class=""><div dir="ltr" class=""><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word" class=""><div class="">Would it help if we moved the Subject Identified requirements to an overlay guideline such that the BRs only covered Internet-scope validation (e.g. just dNSName, ipAddress, SRVName, and maybe rfc822Address)?</div></div></blockquote><div class=""><br class=""></div><div class="">And commonName</div></div></div></div>
</div></blockquote></div><br class=""><div class="">OK. If the BRs only covered GeneralNames in the SubjectAlternativeName extension of types dNSName, ipAddress, rfc822Address and otherName (of type SRVName) and Subject Attributes of type commonName, would that help?</div></body></html>